12:30pm, 21 April 2021
TLP Rating:
Vulnerabilities in SonicWall Email Security actively exploited
Vulnerabilities in on-premises SonicWall Email Security products are being exploited to gain access to the server. SonicWall has announced three zero-day vulnerabilities which allow an attacker to gain administrative access to an organisation’s Email Security system, and potentially other systems from there.
SonicWall has released patches to address these vulnerabilities. CERT NZ strongly recommends all organisations using SonicWall Email Security products apply these updates immediately.
What's happening
Systems affected
SonicWall Email Security version 10.0.9 and earlier versions.
Versions 7.0.0 – 9.2.2 are also vulnerable. However, they are end-of-life products and should be immediately upgraded to a supported version as soon as possible.
What this means
An attacker can exploit these vulnerabilities and gain administrator level access to the system.
What to look for
How to tell if you're at risk
If you have not applied the latest security updates to your SonicWall Email Security system, then you are at risk.
The fixed versions all users should upgrade to are:
- 10.0.9.6173 for Windows systems
- 10.0.9.6177 for appliances
How to tell if you're affected
The FireEye report External Link
contains Indicators of Compromise (IOC) which can assist an investigation into whether your organisation has been affected.
What to do
Prevention
Upgrade your SonicWall Email Security system. The fixed versions are:
- 10.0.9.6173 for Windows systems
- 10.0.9.6177 for appliances
More information
FireEye blog post External Link
SonicWall security advisory External Link
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.