8 matches found
SonicWall Email Security Improper Privilege Management Vulnerability
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-200...
3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security ES product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidia...
CVE-2021-20022
creationtimestamp| type| source ---|---|--- 2021-04-21 01:32:05+00:00| seen| https://t.me/cKure/4953 2021-04-21 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=572 2021-04-22 15:55:13+00:00| exploited| https://t.me/NeKaspersky/777 2021-11-08 08:58:19+00:00| seen|...
VulnCheck KEV: CVE-2021-20022
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and...
SonicWall Email Security post-authentication arbitrary file creation vulnerability
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. CVE: CVE-2021-20022 Last updated: April 9, 2021, 10:03 p.m...
CVE-2021-20022
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host...
CVE-2021-20022
CVE-2021-20022 affects SonicWall Email Security versions 10.0.9.x and enables post-authenticated arbitrary file upload via the branding ZIP mechanism (Zip Slip style) to write files to the server. FireEye/Mandiant detail that lack of input validation allows an attacker to place a web shell in a w...
CVE-2021-20022
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Recent assessments: wvu-r7 at September 07, 2021 4:22am UTC reported: Super easy to exploit. See CVE-2021-20021 for the first part of the...