
DoS vulnerability in SonicWall VPN could lead to remote code execution

The vulnerability could be exploited by sending an HTTP request using a custom protocol handler.

Nikita Abramov, an expert from Positive Technologies, discovered 11 vulnerabilities (CVE-2020-5133, CVE-2020-5134, CVE-2020-5135, CVE-2020-5136, CVE-2020-5137, CVE-2020-5138, CVE-2020-5139, CVE-2020-5140, CVE-2020-5141, CVE-2020-5142, and CVE-2020-5143) in the SonicWall Network Security Appliance (NSA) software. The most dangerous of these is rated critical and resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access.

An attacker could exploit this vulnerability by sending an unauthenticated HTTP request using a custom protocol handler to cause a denial of service condition. As noted by experts, it is possible to redirect the flow of execution through stack corruption, which indicates that arbitrary code execution may be possible.

However, to carry out a code execution attack, an attacker would need to exploit an information leak and do some analysis.

“If someone takes the time to prepare an RCE payload, they will most likely be able to create a large botnet using a worm,” the expert explained.

So far, there have been no indications of exploitation of the vulnerability, but a Shodan search query identified about 460,000 vulnerable devices.

The vulnerability affects SonicOS versions 6.5.4.7-79n and later, SonicOS 6.5.1.11-4n and later, SonicOS 6.0.5.3-93o and later, SonicOSv 6.5.4.4-44v-21-794 and later, and SonicOS 7.0.0.0-1.

SonicWall has released updates that address the discovered vulnerabilities. As a workaround before applying the patch, SSL VPN portals may be disconnected from the network.
