CRITICAL VULNERABILITY AFFECTING SonicWall VPN
CVE-2020-5135 – CVSSv3 9.4
Sources
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010
https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-cri...
https://threatpost.com/critical-sonicwall-vpn-bug/160108/
Risks
Successful exploitation of this flaw could allow a remote attacker to cause a persistent denial of service (DoS) by sending a malicious request to the firewall. Remote code execution (RCE) is also possible with a bit more effort.
Description
Security researchers at Tripwire disclosed a buffer overflow vulnerability, tracked as CVE-2020-5135, affecting SonicWall Network Security Appliance (NSA). According to the researchers, the flaw exists within the HTTP/HTTPS service used for product management and SSL VPN remote access. An attacker can crash devices exposed on the public internet and prevent users from connecting to corporate resources.
More worrying, remote code execution is achievable with a bit more work: the researchers were able to divert execution flow through stack corruption, indicating that a code-execution exploit is likely feasible. With an RCE payload, an attacker could use this flaw in a worm to easily create a sizeable botnet.
Recommended Actions
CERT.be recommends that network administrators install the latest updates released by the vendor for the affected versions: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010