SonicWall VPN Portal Critical Flaw (CVE-2020-5135)

Vulnerability Description

Tripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exists within the HTTP/HTTPS service used for product management as well as SSL VPN remote access.

Exposure and Impact

An unskilled attacker can use this flaw to cause a persistent denial of service condition. Tripwire VERT has also confirmed the ability to divert execution flow through stack corruption indicating that a code execution exploit is likely feasible. This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet. As of the date of discovery, a Shodan search for the affected HTTP server banner indicated 795,357 hosts.

SonicWall has indicated that the following versions are vulnerable:

- SonicOS 6.5.4.7-79n and earlier
- SonicOS 6.5.1.11-4n and earlier
- SonicOS 6.0.5.3-93o and earlier
- SonicOSv 6.5.4.4-44v-21-794 and earlier
- SonicOS 7.0.0.0-1

Remediation & Mitigation

SonicWall has released updates to remediate this flaw. SSL VPN portals may be disconnected from the Internet as a temporary mitigation before the patch is applied.

SonicWall has indicated that the following versions include a fix for this issue:

- SonicOS 6.5.4.7-83n
- SonicOS 6.5.1.12-1n
- SonicOS 6.0.5.3-94o
- SonicOS 6.5.4.v-21s-987
- Gen 7 7.0.0.0-2 and onwards

Detection

Tripwire IP360 starting with ASPL-909 contains remote heuristic detection of the vulnerable service.

More information about detecting possible attacks will be shared as needed after more system owners have had an opportunity to patch.

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010
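
For patch triage, the vulnerable and fixed version lists above can be applied to a firmware inventory. The following is an added example, not code from Tripwire or SonicWall. It assumes that builds are compared within a release train keyed by the first three version fields and that later builds in a train keep the fix; the host names and inventory are constructed. SonicOSv builds and anything the lists do not cover are reported as unknown rather than guessed.

```python
import re

# (last build listed as vulnerable, first build listed as fixed), copied from
# the advisory's lists. Keying a release train by the first three version
# fields is an assumption of this example, not a vendor rule.
TRAINS = {
    (6, 5, 4): ((6, 5, 4, 7, 79), (6, 5, 4, 7, 83)),
    (6, 5, 1): ((6, 5, 1, 11, 4), (6, 5, 1, 12, 1)),
    (6, 0, 5): ((6, 0, 5, 3, 93), (6, 0, 5, 3, 94)),
    (7, 0, 0): ((7, 0, 0, 0, 1), (7, 0, 0, 0, 2)),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)([a-z]?)$")


def triage(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for a SonicOS version string."""
    m = VERSION_RE.match(version.strip())
    # Virtual (SonicOSv, 'v' suffix) builds have their own fix line in the
    # advisory and a different string format, so they are not compared here.
    if not m or m.group(6) == "v":
        return "unknown"
    build = tuple(int(field) for field in m.groups()[:5])
    bounds = TRAINS.get(build[:3])
    if bounds is None:
        return "unknown"  # release train not named in the advisory
    last_vulnerable, first_fixed = bounds
    if build <= last_vulnerable:
        return "vulnerable"
    if build >= first_fixed:
        return "fixed"
    return "unknown"  # between the two listed builds: check the vendor notice


# Constructed inventory for illustration; replace with real asset data.
INVENTORY = {
    "fw-hq.example": "6.5.4.7-79n",
    "fw-branch1.example": "6.5.4.7-83n",
    "fw-branch2.example": "6.5.1.11-4n",
    "fw-lab.example": "7.0.0.0-1",
    "fw-virtual.example": "6.5.4.4-44v-21-794",
}


def triage_inventory(inventory):
    """Map each host to its verdict."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, verdict in sorted(triage_inventory(INVENTORY).items()):
        print(f"{host:22} {INVENTORY[host]:20} {verdict}")
```

Hosts reported as unknown need a manual check against the SonicWall notice in the references.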
