Wednesday 21 April 2021
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
What you need to know:
Discovered by FireEye’s Mandiant, CVE-2021-20021, CVE-2021-20022, and CVE-20020023 could obtain administrative access and code execution on a SonicWall Email Security product when executed in conjunction. SonicWall acknowledged the security bugs and has released hotfixes via automatic updates.
Actions to be taken:
SonicWall administrators are recommended to upgrade to 10.0.9.6173 Hotfix for Windows and 10.0.9.6177 Hotfix for hardware and ESXi virtual appliances. However, starting 19 April, the fixes will have already been patched via automatic updates. Hence, no action is required.