Three zero-day vulnerabilities impacting SonicWall's Email Security product were exploited in the wild last month, and the vendor is urging customers to update their software immediately.
The security vendor, which was breached via its own zero-days earlier this year, released a security notice Tuesday that both instructed customers to patch their versions of Email Security (ES) and disclosed that the group of vulnerabilities has been exploited "in at least one known case," though the attack was not ultimately successful.
The zero days affect Email Security 10.0.1 onward (Windows, hardware and ESXi Virtual Appliance versions) and Hosted Email Security 10.0.1 onwards. SonicWall's security notice mentions that Email Security versions 7.0.0-9.2.2 are also impacted, but since they're no longer being supported, customers with an active license can update to the latest product versions.
The zero days include CVE-2021-20021, a critical vulnerability ...
Copyright of this story solely belongs to searchsecurity.techtarget.com . To see the full text click HERE