Attackers that seem to have ‘intimate knowledge’ of the SonicWall Email Security product have been discovered leveraging three (at the time) zero-day vulnerabilities in the popular enterprise solution. The flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization’s network. The vulnerabilities affect SonicWall email Security hardware appliances, virtual appliances and software installations on Microsoft Windows Server installations.
Source: https://www.helpnetsecurity.com/2021/04/21/sonicwall-email-security-zero-day-vulnerabilities/