CRITICAL VULNERABILITY AFFECTING SonicWall VPN

Reference: Advisory #2020-032
Version: 1.0
Affected software:
SonicOS 6.5.4.7-79n and earlier versions.
SonicOS 6.5.1.11-4n and earlier versions.
SonicOS 6.0.5.3-93o and earlier versions.
SonicOSv 6.5.4.4-44v-21-794 and earlier versions.
SonicOS 7.0.0.0-1.
Type: Denial of Service (DoS), Remote Code Execution (RCE)
CVE/CVSS: CVE-2020-5135 – CVSSv3 9.4

Sources

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010
https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-cri...
https://threatpost.com/critical-sonicwall-vpn-bug/160108/

Risks

Successful exploitation of this flaw could allow a remote attacker to launch a persistent denial of service (DoS) type attack by sending a malicious request to the firewall. It is also possible to obtain Remote Code Execution (RCE) with a bit more effort.

Description

Security researchers at Tripwire disclosed a buffer overflow vulnerability, tracked as CVE-2020-5135, affecting SonicWall Network Security Appliance (NSA). According to the researchers, the flaw exists within the HTTP/HTTPS service used for product management and SSL VPN remote access. The flaw can be used to crash devices exposed on the public internet and prevent users from connecting to corporate resources.
More worrying, remote code execution is achievable with a bit more work: the researchers were able to divert execution flow through stack corruption, indicating that a code-execution exploit is likely feasible. With an RCE payload used in a worm, an attacker could easily create a sizeable botnet.

Recommended Actions

CERT.be recommends that network administrators install the latest updates released by the vendor for the affected versions: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010.
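
To help prioritise patching, the following check flags firmware builds that fall inside the affected-software list above. It is an added example, not CERT.be's or SonicWall's code. It assumes each listed build bounds only its own release train (the first three version fields) and reports any other train as unknown; the hostnames and inventory builds are constructed.

```python
import re

# Affected builds exactly as listed in this advisory:
# (product, highest affected build, whether "and earlier versions" applies).
AFFECTED = [
    ("SonicOS", "6.5.4.7-79n", True),
    ("SonicOS", "6.5.1.11-4n", True),
    ("SonicOS", "6.0.5.3-93o", True),
    ("SonicOSv", "6.5.4.4-44v-21-794", True),
    ("SonicOS", "7.0.0.0-1", False),
]

def parse(version):
    """Turn '6.5.4.7-79n' into (6, 5, 4, 7, 79); letter suffixes are ignored."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version))
    if len(nums) < 4:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return nums

def check(product, version):
    """Return 'affected', 'not-listed' or 'unknown-train' for one firmware build."""
    v = parse(version)
    train_seen = False
    for prod, bound, and_earlier in AFFECTED:
        b = parse(bound)
        # Assumption: each entry bounds only its own train (first three fields).
        if prod.lower() != product.lower() or b[:3] != v[:3]:
            continue
        train_seen = True
        if v == b or (and_earlier and v < b):
            return "affected"
    return "not-listed" if train_seen else "unknown-train"

# Constructed inventory for illustration (hostnames and builds are made up).
INVENTORY = [
    ("fw-edge-01", "SonicOS", "6.5.4.7-79n"),
    ("fw-edge-02", "SonicOS", "6.5.4.6-1n"),
    ("fw-edge-03", "SonicOS", "6.5.4.8-1n"),
    ("fw-lab-01", "SonicOS", "7.0.0.0-1"),
    ("fw-virt-01", "SonicOSv", "6.5.4.4-44v-21-794"),
    ("fw-old-01", "SonicOS", "5.9.0.0-1o"),
]

def triage(inventory):
    return {host: check(product, build) for host, product, build in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A result of `not-listed` or `unknown-train` does not mean the build is patched; confirm it against the vendor advisory.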