Issued: Wednesday, 21 April, 2021 |
Last Revision: Wednesday, 21 April, 2021 |
Vendor: SonicWall |
Product: SonicWall Email Security (ES) |
Severity Level: |
- CVE-2021-20021 - Unauthorized administrative account creation (CVSS: 9.4)
- CVE-2021-20022 - Post-authentication arbitrary file upload (CVSS: 6.7)
- CVE-2021-20023 - Post-authentication arbitrary file read (CVSS: 6.7)
SonicWall has released Hotfix 10.0.9.6173 for Windows installations and Hotfix 10.0.9.6177 for hardware and ESXi virtual appliances. According to the vendor, SonicWall Hosted Email Security (HES) was patched on April 19, 2021, so no action is required from organizations that use only the hosted product. We recommend applying these hotfixes to all on-premises SonicWall Email Security appliances; the hotfixes are linked from the vendor's original advisory below:
We also recommend checking the Email Security appliances for signs of compromise: review log files and system files, and monitor the child processes of the Tomcat service, since commands executed through the web application are spawned as children of that process. FireEye's Mandiant team has released a report that can be used as a guideline for monitoring and investigating potential compromises (see its section "Investigation & Monitoring Tips"); the report can be found below:
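The following script is an added example of the "child processes of the Tomcat service" check; it is not code from the advisory or from Mandiant's report. It parses the output of `ps -eo pid,ppid,user,comm,args` (an assumption; the appliance's actual process listing may differ), identifies the Tomcat JVM by the Catalina bootstrap class on its command line, walks every process descended from it, and flags any shell, interpreter or network tool in that tree. The list of flagged command names and the sample process listing are constructed for this example.

```python
"""Flag processes descended from a Tomcat JVM in a `ps` snapshot.

Added example, not part of the SonicWall advisory or the Mandiant report.
Assumes `ps -eo pid,ppid,user,comm,args` output; the command names it flags
are an assumed starting list, not an authoritative indicator set.
"""
import re
from collections import defaultdict, namedtuple

Proc = namedtuple("Proc", "pid ppid user comm args")

# One `ps` row: pid, ppid, user, comm (no spaces), then the rest as args.
PS_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(.*?)\s*$")

# Interpreters and network tools a mail-gateway JVM should not be spawning.
# Assumed list for this example; extend it for the environment under review.
SHELLS_AND_TOOLS = {"sh", "bash", "dash", "ksh", "zsh", "python", "python2",
                    "python3", "perl", "nc", "ncat", "socat", "curl", "wget"}

# Constructed sample `ps -eo pid,ppid,user,comm,args` output (not real appliance data).
SAMPLE_PS = """\
  PID  PPID USER     COMMAND         COMMAND
    1     0 root     systemd         /sbin/init
 1201     1 tomcat   java            /usr/bin/java -Dcatalina.base=/opt/tomcat org.apache.catalina.startup.Bootstrap start
 1340  1201 tomcat   sh              sh -c whoami
 1341  1340 tomcat   whoami          whoami
 1399  1201 tomcat   python          python -c import socket,subprocess
 1402     1 root     sshd            /usr/sbin/sshd -D
 1450  1201 tomcat   java            java -version
"""


def parse_ps(text):
    """Parse `ps` output into Proc records, skipping the header and blank lines."""
    procs = []
    for line in text.splitlines():
        m = PS_LINE.match(line)
        if not m:
            continue
        pid, ppid, user, comm, args = m.groups()
        procs.append(Proc(int(pid), int(ppid), user, comm, args))
    return procs


def tomcat_pids(procs):
    """PIDs of JVMs that look like Tomcat (Catalina bootstrap on the command line)."""
    return {p.pid for p in procs
            if p.comm == "java" and "org.apache.catalina" in p.args}


def descendants(procs, roots):
    """Every process reachable from `roots` by following parent -> child links."""
    children = defaultdict(list)
    for p in procs:
        children[p.ppid].append(p)
    found, seen, stack = [], set(), list(roots)
    while stack:
        pid = stack.pop()
        for child in children.get(pid, []):
            if child.pid in seen:
                continue
            seen.add(child.pid)
            found.append(child)
            stack.append(child.pid)
    return found


def suspicious_tomcat_children(ps_text):
    """Return [(pid, comm, args, flagged)] for each process descended from Tomcat.

    Every descendant is reported, because a web server normally has none;
    `flagged` is True when the command is a known shell/interpreter/tool.
    """
    procs = parse_ps(ps_text)
    tree = descendants(procs, tomcat_pids(procs))
    return [(p.pid, p.comm, p.args, p.comm in SHELLS_AND_TOOLS)
            for p in sorted(tree, key=lambda p: p.pid)]


if __name__ == "__main__":
    for pid, comm, args, flagged in suspicious_tomcat_children(SAMPLE_PS):
        label = "ALERT " if flagged else "review"
        print(f"{label} pid={pid} comm={comm} args={args!r}")
```

On a live appliance, feed the script the real `ps` output instead of the constructed sample and review every reported descendant, not only the flagged ones. On the Windows build the equivalent check is to take the Tomcat java process ID and list processes whose `ParentProcessId` matches it with `Get-CimInstance Win32_Process`. A snapshot only catches processes alive at that moment; for ongoing monitoring, the same parent/child rule should be applied to process-creation events from the host's auditing.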
