Threat Watch

SonicWall VPN Vulnerability Could Lead To Remote Code Execution

Researchers with Tripwire’s VERT have identified a buffer-overflow in SonicWall’s Network Security Appliance, allowing for persistent denial of service. This flaw can be triggered using a custom formatted protocol header sent through an unauthenticated HTTP request. The flaw occurs pre-authentication and within a component of SonicWall’s SSLVPN, which is typically exposed to the Internet. Additionally, while a remote code execution exploit is not yet available, TripWire has stated that a RCE is likely feasible.

ANALYST NOTES

SonicWall has released updates to remediate this flaw, however SonicWall also recommends disconnecting SSL VPN portals as a temporary mitigation until the patch is applied. This vulnerability affects the following versions:
• SonicOS 6.5.4.7-83n
• SonicOS 6.5.1.12-1n
• SonicOS 6.0.5.3-94o
• SonicOS 6.5.4.v-21s-987
• Gen 7 7.0.0.0-2 and onwards
To read more, please see: https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-critical-flaw-cve-2020-5135/