SonicWall Releases Patches for Email Security Products

Threat ID:: CC-3830
Threat Severity:: Information only
Published:: 22 April 2021 11:53 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

SonicWall Email Security (ES) Versions: 10.01-10.04

SonicWall Email Security (ES) Versions (legacy): 7.0.0-9.2.2

Threat details

Introduction

SonicWall has released patches for three vulnerabilities affecting SonicWall Email Security products. A remote attacker could exploit these vulnerabilities to take control of an affected system. The patches are for SonicWall Email Security hardware appliances, virtual appliances or software installation on Microsoft Windows Server.

Remediation advice

Organisations are encouraged to review the SonicWall security advisory and apply the necessary update as soon as possible. Note: SonicWall Hosted Email Security (HES) was patched automatically on April 19, 2021. SonicWall Email Security (ES) versions 7.0.0-9.2.2 are legacy versions which have reached end of life (EOL) and are no longer supported. Organisations using these versions can find advice in the ‘Support for End-of-Life Email Security Products’ section of the SonicWall security advisory.

CVE Vulnerabilities

Status Published

CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Status Published

CVE-2021-20022

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

Status Published

CVE-2021-20023

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

Last edited: 22 April 2021 3:37 pm