SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks



A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has now been found to have a "botched" fix, with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information.

The shortcoming was rectified in an update rolled out to SonicOS on June 22.

Tracked as CVE-2021-20019 (CVSS score: 5.3), the vulnerability is the consequence of a memory leak when sending a specially crafted unauthenticated HTTP request, culminating in information disclosure.


It's worth noting that SonicWall's decision to hold back the patch comes amid multiple zero-day disclosures affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS.

However, there is no evidence that the flaw is being exploited in the wild.


“SonicWall physical and virtual firewalls running certain versions of SonicOS may contain a vulnerability where the HTTP server response leaks partial memory,” SonicWall said in an advisory published Tuesday. “This can potentially lead to an internal sensitive data disclosure vulnerability.”

The original flaw, identified as CVE-2020-5135 (CVSS score: 9.4), concerned a buffer overflow vulnerability in SonicOS that could allow a remote attacker to cause denial-of-service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.


While SonicWall rolled out a patch in October 2020, additional testing undertaken by cybersecurity firm Tripwire revealed a memory leak as a “result of an improper fix for CVE-2020-5135,” according to security researcher Craig Young, who reported the new issue to SonicWall on October 6, 2020.

“As a one- or two-line fix with minimal impact, I had expected that a patch would probably come out quickly but, fast-forward to March and I still had not heard back,” Young noted in a write-up on Tuesday. “I reconnected with their PSIRT on March 1, 2021 for an update, but ultimately it took until well into June before an advisory could be released.”
