@hbeckpdx Text 1/5:
CVE-2021-20022 Arbitrary file upload through post- authenticated “branding" feature Like many enterprise products with a web- based user interface, SonicWall Email Security includes a feature known as
CVE-2021-20022 Arbitrary file upload through post- authenticated “branding" feature Like many enterprise products with a web- based user interface, SonicWall Email Security includes a feature known as
@AltTextCrew @hbeckpdx Text 2/5:
"branding" which gives administrators the ability to customize and add certain assets to the interface, such as company logos. These branding assets are managed via packages, and new packages can be
"branding" which gives administrators the ability to customize and add certain assets to the interface, such as company logos. These branding assets are managed via packages, and new packages can be
@AltTextCrew @hbeckpdx Text 3/5:
created by uploading ZIP archives containing custom text, image files, and layout settings. A lack of file validation can enable an adversary to upload arbitrary files, including executable code, such
created by uploading ZIP archives containing custom text, image files, and layout settings. A lack of file validation can enable an adversary to upload arbitrary files, including executable code, such
@AltTextCrew @hbeckpdx Text 4/5:
as web shells. Once uploaded, these branding package ZIP archives are normally expanded and saved to the <SonicWall ES install path>\data\branding directory. However, an adversary could place
as web shells. Once uploaded, these branding package ZIP archives are normally expanded and saved to the <SonicWall ES install path>\data\branding directory. However, an adversary could place
@AltTextCrew @hbeckpdx Text 5/5:
malicious files in arbitrary locations, such as a web accessible Apache Tomcat directory, by crafting a ZIP
malicious files in arbitrary locations, such as a web accessible Apache Tomcat directory, by crafting a ZIP
• • •
Missing some Tweet in this thread? You can try to
force a refresh
