Vulnerabilities in SonicWall Email Security actively exploited

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates to be notified as soon as we publish an advisory.

12:30pm, 21 April 2021

TLP Rating: Clear

Vulnerabilities in SonicWall Email Security actively exploited

Vulnerabilities in on-premises SonicWall Email Security products are being exploited to gain access to the server. SonicWall has announced three zero-day vulnerabilities which allow an attacker to gain administrative access to an organisation’s Email Security system, and potentially other systems from there.

SonicWall has released patches to address these vulnerabilities. CERT NZ strongly recommends all organisations using SonicWall Email Security products apply these updates immediately.

What's happening

Systems affected

SonicWall Email Security version 10.0.9 and earlier versions. 

Versions 7.0.0 – 9.2.2 are also vulnerable. However, they are end-of-life products and should be immediately upgraded to a supported version as soon as possible.

What this means

An attacker can exploit these vulnerabilities and gain administrator level access to the system.

What to look for

How to tell if you're at risk

If you have not applied the latest security updates to your SonicWall Email Security system, then you are at risk.

The fixed versions all users should upgrade to are:

  • 10.0.9.6173 for Windows systems
  • 10.0.9.6177 for appliances

How to tell if you're affected

The FireEye report External Link contains Indicators of Compromise (IOC) which can assist an investigation into whether your organisation has been affected.

What to do

Prevention

Upgrade your SonicWall Email Security system. The fixed versions are:

  • 10.0.9.6173 for Windows systems
  • 10.0.9.6177 for appliances

More information

FireEye blog post External Link

SonicWall security advisory External Link

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384