Rewterz Threat Advisory – Multiple SonicWall Security Vulnerabilities

April 14, 2021

Severity

High

Analysis Summary

CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

CVE-2021-20022

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

CVE-2021-20020

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.

Impact

Remote code execution
Privilege access

Affected Vendors

Sonicwall

Affected Products

SonicWall Email Security version 10.0.9.x

Remediation

Users are advised to update to the latest version.

Security Advisory – SonicWall

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us