"Threat Actors Exploiting 3 SonicWall Email Security Vulnerabilities"

Users of SonicWall Hosted Email Security (HES) are urged to apply patches for three zero-day vulnerabilities found in the software. This platform provides inbound and outbound security protection and helps combat email-borne threats. The first zero-day flaw is a pre-authentication administrative account creation vulnerability stemming from a poorly secured API endpoint, which could allow an attacker to create an administrator account by sending a specially crafted HTTP request to the remote host. The exploitation of the second flaw could allow a post-authenticated hacker to upload an arbitrary file to the remote host via a branding feature. An attacker could use the feature to upload arbitrary files, including executable code like web shells, because of the lack of file validation. The third flaw is present in the branding feature. This is a traversal vulnerability that could allow a post-authenticated attacker to read an arbitrary file from the remote host. This article continues to discuss the discovery, potential exploitation, impact, and mitigation of the zero-day vulnerabilities found in the SonicWall HES platform.

HealthITSecurity reports "Threat Actors Exploiting 3 SonicWall Email Security Vulnerabilities"