Researchers with Tripwire’s VERT have identified a buffer-overflow in SonicWall’s Network Security Appliance, allowing for persistent denial of service. This flaw can be triggered using a custom formatted protocol header sent through an unauthenticated HTTP request. The flaw occurs pre-authentication and within a component of SonicWall’s SSLVPN, which is typically exposed to the Internet. Additionally, while a remote code execution exploit is not yet available, TripWire has stated that a RCE is likely feasible.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in