Posted on April 21, 2021

SonicWall has tested and published patches to mitigate three zero-day vulnerabilities in its email security products this week. Hackers are actively exploiting these vulnerabilities in the wild, and customers should patch them immediately.

Affected Products

The vulnerabilities affected the following versions of SonicWall’s email security and hosted email security products:

10.0.1
10.0.2
10.0.3
10.0.4-Present

The Addressed Vulnerabilities

The patches released by SonicWall mitigate three CVEs, listed below:

CVE-2021-20021 (https://nvd.nist.gov/vuln/detail/CVE-2021-20021): An unauthenticated attacker can potentially create an administrator account by sending a crafted HTTP request.
CVE-2021-20022 (https://nvd.nist.gov/vuln/detail/CVE-2021-20022): An authenticated attacker can potentially upload an arbitrary file to a vulnerable target.
CVE-2021-20023 (https://nvd.nist.gov/vuln/detail/CVE-2021-20023): An authenticated attacker can potentially read arbitrary files from a vulnerable target.

More details from SonicWall can be found in its company advisory as well as in FireEye’s detail of how the exploits were being used. Here are links to both:

SonicWall Advisory: https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
FireEye Detailed Threat Report: https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html

Remediations

SonicWall has patched its hosted email security product automatically, but customers will need to upgrade in-house email security products on their own, using the following versions:

(Windows) Email Security 10.0.9.6173
(Hardware & ESXi Virtual Appliance) Email Security 10.0.9.6173

SonicWall also provides detailed instructions for upgrading in this advisory article: https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/

Raxis Research Team

The Raxis Research Team is dedicated to staying ahead of the threat landscape. Our experts dig into emerging exploits, uncover hidden vulnerabilities, and develop resources that power our penetration testing engagements. By combining curiosity with technical precision, the team equips Raxis testers with cutting-edge intelligence to simulate real-world attacks and strengthen client defenses.

About The Exploit Blog

The Exploit is written by Raxis penetration testers. Every post is a technical writeup from someone who runs engagements for a living, with code, command output, and the reasoning behind each step. Topics include exploit research, vulnerability disclosure, tool development, and the offensive techniques showing up in current client work.

Search The Exploit Blog

Raxis Discovered Vulnerabilities

View the CVEs and bugs that Raxis pentesters have uncovered and submitted.

Tested by the People Who Wrote This Blog Post

The engineers behind these posts run real engagements every week. Put them on your network, web apps, APIs, or cloud and see what an attacker would find first.

Request A Quote Schedule Call

Join Our Newsletter

Name(Required)

First Last

Email(Required)

Newsletter(Required)

Do you wish to join our newsletter? We send out emails once a month that cover the latest in cybersecurity news. We do not sell your information to other parties.

Yes! Please send me Popped Culture, the Raxis Newsletter.

SonicWall Patches Three Zero-Day Vulnerabilities