SonicWall VPN Vulnerability Could Lead To Remote Code Execution

Threat Watch

Threat Watch SonicWall VPN Vulnerability Could Lead To Remote Code Execution

SonicWall VPN Vulnerability Could Lead To Remote Code Execution

Researchers with Tripwire’s VERT have identified a buffer-overflow in SonicWall’s Network Security Appliance, allowing for persistent denial of service. This flaw can be triggered using a custom formatted protocol header sent through an unauthenticated HTTP request. The flaw occurs pre-authentication and within a component of SonicWall’s SSLVPN, which is typically exposed to the Internet. Additionally, while a remote code execution exploit is not yet available, TripWire has stated that a RCE is likely feasible.

ANALYST NOTES

SonicWall has released updates to remediate this flaw, however SonicWall also recommends disconnecting SSL VPN portals as a temporary mitigation until the patch is applied. This vulnerability affects the following versions:
• SonicOS 6.5.4.7-83n
• SonicOS 6.5.1.12-1n
• SonicOS 6.0.5.3-94o
• SonicOS 6.5.4.v-21s-987
• Gen 7 7.0.0.0-2 and onwards
To read more, please see: https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-critical-flaw-cve-2020-5135/

The war in Ukraine and its impact on how China views Taiwan

Digging through Rust to find Gold: Extracting Secrets from Rust Malware

5 Critical Criteria for evaluating Managed Detection & Response (MDR)

How Ransomware Capabilities Are Evolving and What You Can Do to Keep Your Organization Secure

Threat Watch