Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

10/23/2020
05:05 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Positive Technologies Helps Fix 11 Vulnerabilities in Popular SonicWall Firewall Appliances

Potential threats included disconnection of remote employees or branches and possible attacker penetration into corporate networks.

Framingham, MA (October 22, 2020) – SonicWall patched vulnerabilities in SonicOS for firewall appliances discovered by Positive Technologies expert Nikita Abramov. According to IDC, SonicWall ranks fifth among manufacturers of gateway security appliance solutions worldwide.

The most serious vulnerability, CVE-2020-5135, found by Nikita Abramov at Positive Technologies and Craig Young at Tripwire, is of critical severity (CVSS v3 score 9.4). This buffer overflow vulnerability in SonicOS allows remote attackers to cause denial of service (DoS) and potentially execute arbitrary code.

Nikita Abramov researcher at Positive Technologies explained: “The tested solution uses a SSL-VPN remote access service on firewalls, and users can be disconnected from internal networks and their workstations in case of a DoS attack. If attackers manage to execute arbitrary code, they may be able to develop an attack and penetrate the company's internal networks.”

“This is best practice for vendor-researcher collaboration in the modern era,” said SonicWall's Aria Eslambolchizadeh, Head of Quality Engineering. “These types of open and transparent relationships protect the integrity of the online landscape, and ensure better protection from advanced threats and emerging vulnerabilities before they impact end users, as was the case here.”

CVE-2020-5135 affects SonicOS 6.5.4.7-79n, SonicOS 6.5.1.11-4n, SonicOS 6.0.5.3-93o and SonicOSv 6.5.4.4-44v-21-794 (including older versions). To fix CVE-2020-5135, users need to upgrade to the following firmware versions (depending on their product): SonicOS 6.5.4.7-83n, SonicOS 6.5.1.12-1n, SonicOS 6.0.5.3-94o or SonicOS 6.5.4.v-21s-987. 

Another vulnerability, CVE-2020-5133, received a CVSS v3 score of 8.2. This vulnerability allows a remote unauthenticated attacker to cause denial of service attacks due to buffer overflow, which leads to a firewall crash.

Failures in SonicOS can also be caused by exploitation of vulnerabilities CVE-2020-5137CVE-2020-5138CVE-2020-5139, and CVE-2020-5140 (all of them have a CVSS v3 score of 7.5 and can be exploited by remote unauthenticated attackers), and vulnerabilities CVE-2020-5134 and CVE-2020-5136 (CVSS v3 score 6.5, exploitation requires authentication).

In addition, a remote unauthenticated attacker can bruteforce Virtual Assist ticket ID in the SSL-VPN service (vulnerability CVE-2020-5141, CVSS v3 score 6.5). A cross-site scripting (XSS) vulnerability CVE-2020-5142 (CVSS v3 score 6.5) allows a remote unauthenticated attacker to potentially execute arbitrary JavaScript code in the firewall SSL-VPN portal. Finally, a SonicOS SSL-VPN login page could allow a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses (vulnerability CVE-2020-5143, CVSS v3 score 5.3). 

To migitate the vulnerabilities, follow the recommendations on the vendor's official website:  https://www.sonicwall.com/support/product-notification/sonicwall-dos-xss-vulnerabilities/201015132843063/

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36197
PUBLISHED: 2021-05-13
An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This ...
CVE-2020-36198
PUBLISHED: 2021-05-13
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP...
CVE-2021-28799
PUBLISHED: 2021-05-13
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3...
CVE-2021-22155
PUBLISHED: 2021-05-13
An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s acco...
CVE-2021-23134
PUBLISHED: 2021-05-12
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.2 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.