{"id":19648,"date":"2021-04-21T07:27:11","date_gmt":"2021-04-21T05:27:11","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=19648"},"modified":"2021-04-21T08:27:45","modified_gmt":"2021-04-21T06:27:45","slug":"sonicwall-email-security-zero-day-vulnerabilities-april-20-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/04\/21\/sonicwall-email-security-zero-day-vulnerabilities-april-20-2021\/","title":{"rendered":"SonicWall Email Security Zero-Day Vulnerabilities (April 20, 2021)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/04\/21\/sonicwall-email-security-zero-day-vulnerabilities-april-20-2021\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Vendor SonicWall has issued a security notification for his product SonicWall Email Security. There are Zero-Day Vulnerabilities that put users of this product at risk.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg01.met.vgwort.de\/na\/fe1cabc746bf4fe9bb8cde6f193c923f\" alt=\"\" width=\"1\" height=\"1\" \/>German blog reader Stefan A. has notified me a couple of hours ago via email and informed me about a warning (thanks for that), SonicWall has issued for users of SonicWall Email Security. Stefan wrote:<\/p>\n<blockquote><p>At the company I work for, we use SonicWall's email security, among other things. [&#8230;}<\/p>\n<p>If I interpret the CVEs correctly, the \"entry\" is probably via HTTP, which can be dangerous depending on the accessibility.<\/p>\n<p>Perhaps you could issue another brief warning here on the blog, in case there's still the odd admin with on-prem SonicWall Email Security.<\/p>\n<p>We have already applied the update on three machines and could not find anything negative after the short subsequent tests.<\/p><\/blockquote>\n<p>Stefan has send me a link to SonicWall's <a href=\"https:\/\/www.sonicwall.com\/support\/product-notification\/security-notice-sonicwall-email-security-zero-day-vulnerabilities\/210416112932360\/\" target=\"_blank\" rel=\"noopener\">Security Notice: SonicWall Email Security Zero-Day Vulnerabilities<\/a>, dated April 20, 2021. There SonicWall wrote:<\/p>\n<blockquote><p>Through the course of standard collaboration and testing, SonicWall has verified, tested and published patches to mitigate three zero-day vulnerabilities to its hosted and on-premises email security products.<\/p>\n<p>In at least one known case, these vulnerabilities have been observed to be exploited 'in the wild.' <strong>It is imperative that organizations using SonicWall Email Security hardware appliances, virtual appliances or software installation on Microsoft Windows Server immediately upgrade<\/strong> to the respective SonicWall Email Security version listed below.<\/p>\n<p>SonicWall Hosted Email Security (HES) was patched on April 19, 2021, and no action is required from organizations that are only using the hosted email security product.<\/p><\/blockquote>\n<p>Step-by-step guidance on how to apply the updates is available on an <a href=\"https:\/\/www.sonicwall.com\/support\/knowledge-base\/how-do-i-upgrade-firmware-on-an-email-security-appliance\/170504270079039\/\" target=\"_blank\" rel=\"noopener\">in-depth knowledgebase (KB) article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Vendor SonicWall has issued a security notification for his product SonicWall Email Security. There are Zero-Day Vulnerabilities that put users of this product at risk.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-19648","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=19648"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19648\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=19648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=19648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=19648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}