Thousands of SonicWall VPN devices have a serious vulnerability triggering DoS attacks. While the patch is out, users must ensure updating their devices at their earliest convenience.
SonicWall VPN DoS Vulnerability
A critical severity bug existed in the SonicOS. The vulnerability first caught the attention of Craig Young from Tripwire who has elaborated on the findings in a post.
As reported, they found a stack-based buffer overflow vulnerability in the SSLVPN component of the SonicWall Network Security Appliance (NSA).
Due to the pre-authentication existence of the flaw and the SSLVPN exposed to the internet, the bug made thousands of devices vulnerable to attacks.
The bug affected SonicWall VPN devices allowing an attacker to conduct DoS attacks. In a severe scenario, the exploit could also allow code execution.
The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exists within the HTTP/HTTPS service used for product management as well as SSL VPN remote access.
The vulnerability, CVE-2020-5135, received a critical severity rating with a CVSS score of 9.4.
The researcher found roughly 800,000 (precisely 795,357 hosts) vulnerable. Whereas, the bug affected the SonicOS versions 6.5.4.7-79n, 6.5.1.11-4n, 6.5.4.4-44v-21-794, 6.0.5.3-93o, and their respective earlier versions. It also affected the SonicOS version 7.0.0.0-1.
Patch Released
Upon discovering the flaw, the researcher reached out to SonicWall to report the matter. Consequently, SonicWall addressed the bug and released a fix for it with Sonic OS versions 6.5.4.7-83n, 6.5.1.12-1n, 6.5.4.v-21s-987, 6.0.5.3-94o, Gen 7 7.0.0.0-2 and onwards.
Besides, the vendors have confirmed in their statement that they found no active exploitation of the flaw.
Immediately upon discovery, SonicWall researchers conducted extensive testing and code review to confirm the third-party research…
The PSIRT team worked to duplicate the issues and develop, test and release patches for the affected products. At this time, SonicWall is not aware of a vulnerability that has been exploited or that any customer has been impacted.”
Let us know your thoughts in the comments.