A Tripwire security firm report reveals the detection of a critical security flaw in the SonicWall VPN portal that could be exploited to lock a device and prevent users from accessing its corporate resources, as well as allowing remote code execution.
Tracked as CVE-2020-5135, this is a stack-based buffer overflow vulnerability in SonicWall Network Security Appliance (NSA). According to experts, the flaw lies in the HTTP/HTTPS service used for product management and SSL VPN remote access.
Vulnerable versions are: SonicOS 6.5.4.7-79n and earlier; SonicOS 6.5.1.11-4n and earlier; SonicOS 6.0.5.3-93o and earlier; SonicOSv 6.5.4.4-44v-21-794 and earlier; sonicOS 7.0.0.0-1.
Apparently the flaw could be exploited even by attackers without advanced hacking knowledge using an unauthenticated HTTP request involving a custom protocol handler. However, experts believe this is just the beginning: “VPN errors can be incredibly dangerous; these systems expose endpoints to sensitive networks, so there are very few security tools for administrators to identify any signs of malicious behavior,” says expert Graig Young.
As if that wasn’t enough, this flaw exists in a pre-authentication routine and within a component that is usually exposed on the public Internet, in other words, the flaw can be exploited without the attacker having a username and password: “A malicious hacker could trivially generate memory problems, although a remote code execution attack using this vulnerability would be more complex”, adds the expert.
Experts have not detected attempts at active exploitation, although a scan with Shodan found at least 795,000 vulnerable hosts this week. SonicWall received the report in a timely way, so the company was able to release a security patch as soon as possible. If you can’t apply the patch right away, experts recommend temporarily disconnecting SSL VPN portals: “SonicWall has a commitment to protecting your customers’ networks, businesses, and branding,” the company said.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.