The Exploit

Notes from the Front Lines of Penetration Testing

SonicWall Patches Three Zero-Day Vulnerabilities

SonicWall Patches Three Zero-Day Vulnerabilities

SonicWall has tested and published patches to mitigate three zero-day vulnerabilities in its email security products this week. Hackers are actively exploiting these vulnerabilities in the wild, and customers should patch them immediately.

Affected Products

The vulnerabilities affected the following versions of SonicWall’s email security and hosted email security products:

  • 10.0.1
  • 10.0.2
  • 10.0.3
  • 10.0.4-Present
The Addressed Vulnerabilities

The patches released by SonicWall mitigate three CVEs, listed below:

More details from SonicWall can be found in its company advisory as well as in FireEye’s detail of how the exploits were being used. Here are links to both:

Remediations

SonicWall has patched its hosted email security product automatically, but customers will need to upgrade in-house email security products on their own, using the following versions:

  • (Windows) Email Security 10.0.9.6173
  • (Hardware & ESXi Virtual Appliance) Email Security 10.0.9.6173

SonicWall also provides detailed instructions for upgrading in this advisory article: https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/

 


Raxis Administrator

Posted on

Categories: ,

Also by Raxis Administrator

Human Vs AI Pentesting

While AI tools offer speed in detecting known vulnerabilities, they fall short with 20-35% false positives and only 50-65% success on complex threats like business logic flaws, as per mainstream reports from Verizon and OWASP. Human penetration testers at Raxis deliver 85-90% detection rates, precise prioritization, and ethical adaptability, ensuring your organization stays ahead of real-world attacks.

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Penetration Testing

Tailored, expert-led penetration testing services that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Ready to See Raxis One In Action?

See how we transform traditional pen testing into interactive security intelligence that keeps you informed every step of the way. From real-time attack progression to detailed remediation guidance, Raxis One gives you unprecedented visibility into your security posture as it’s being tested.