@hbeckpdx Text 1/5:
CVE-2021-20022 Arbitrary file upload through post- authenticated “branding" feature Like many enterprise products with a web- based user interface, SonicWall Email Security includes a feature known as
@AltTextCrew@hbeckpdx Text 2/5:
"branding" which gives administrators the ability to customize and add certain assets to the interface, such as company logos. These branding assets are managed via packages, and new packages can be
@AltTextCrew@hbeckpdx Text 3/5:
created by uploading ZIP archives containing custom text, image files, and layout settings. A lack of file validation can enable an adversary to upload arbitrary files, including executable code, such
@AltTextCrew@hbeckpdx Text 4/5:
as web shells. Once uploaded, these branding package ZIP archives are normally expanded and saved to the <SonicWall ES install path>\data\branding directory. However, an adversary could place
@AltTextCrew@hbeckpdx Text 5/5:
malicious files in arbitrary locations, such as a web accessible Apache Tomcat directory, by crafting a ZIP
• • •
Missing some Tweet in this thread? You can try to
force a refresh