A stack-based buffer overflow flaw in SonicWall Network Security Appliance (NSA) could affect nearly 800,000 SonicWall VPNs across the globe, if not patched. According to security researcher Craig Young from Tripwire VERT, the vulnerability CVE-2020-5135 can be exploited by an unauthenticated HTTP request involving a custom protocol handler. The issue exists in the HTTP/HTTPS service, which is used for product management and for SSL VPN remote access.
What is the Impact?
An attacker can abuse the vulnerability to launch a persistent denial of service (DoS) and remote code execution (RCE) attacks. The vulnerability has affected HTTP server banner indicated 795,357 hosts till now. The flaw exists pre-authentication and within a component (SSLVPN), which is exposed online.
Complete the Endpoint Security Survey and win lots of amazing goodies!
The vulnerable versions include:
- SonicOS 6.5.4.7-79n and earlier
- SonicOS 6.5.1.11-4n and earlier
- SonicOS 6.0.5.3-93o and earlier
- SonicOSv 6.5.4.4-44v-21-794 and earlier
- SonicOS 7.0.0.0-1
Required Remediation
SonicWall stated it released a patch to remediate the vulnerability. The company asked users to take SSL VPN portals offline for temporary mitigation before patching.
SonicWall recommended its users to update their portals with the following versions to fix the flaw:
- SonicOS 6.5.4.7-83n
- SonicOS 6.5.1.12-1n
- SonicOS 6.0.5.3-94o
- SonicOS 6.5.4.v-21s-987
- Gen 7 7.0.0.0-2 and onwards
“Immediately upon discovery, SonicWall researchers conducted extensive testing and code review to confirm the third-party research. This analysis led to the discovery of additional unique vulnerabilities to virtual and hardware appliances requiring Common Vulnerabilities and Exposures (CVE) listings based on the Common Vulnerability Scoring System (CVSS). The team worked to duplicate the issues and develop, test and release patches for the affected products. At this time, SonicWall is not aware of a vulnerability that has been exploited or that any customer has been impacted,” SonicWall said in a statement.
Related story: What are the Best VPN Services in 2020?