The hotfixes will also be superseded by the upcoming SonicWall ES 10.0.10 release. SonicWall Hosted Email Security product was automatically updated for all customers and no additional action is required for patching purposes. Hotfix for hardware and ESXi virtual appliance users. SonicWall advises all customers and partners to upgrade to the 10. Mandiant has been coordinating with the SonicWall Product Security and Incident Response Team (PSIRT) for the responsible disclosure of this information. Post-authentication arbitrary file upload Unauthorized administrative account creation The vulnerabilities are being tracked in the following CVEs: The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network. These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device. In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. ![]() Create a Free Mandiant Advantage Account.Noteholder and Preferred Shareholder Documents.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |