SonicWall has published patches to mitigate three zero-day vulnerabilities ( CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023) in email security products. A remote attacker could exploit these vulnerabilities to take control of an affected system. According to SonicWall, "In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild.’"

CVE-2021-20021 vulnerability could allow an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

CVE-2021-20022 vulnerability could allow a post-authenticated attacker to upload an arbitrary file to the remote host.

CVE-2021-20023 vulnerability could allow a post-authenticated attacker to read an arbitrary file from the remote host.

Users are advised to review the SonicWall security advisory and apply the necessary update as soon as possible – sonicwall.com.