Malware Devil

Saturday, October 17, 2020

CVE-2020-5135 – Buffer Overflow in SonicWall VPNs – Patch Now, (Sat, Oct 17th)

Discovered by Tripwire VERT, CVE-2020-5135 is a buffer overflow vulnerability in the popular SonicWall Network Security Appliance (NSA) which can permit an unauthenticated bad guy to execute arbitrary code on the device.

The following versions of SonicWall are vulnerable:
SonicOS 6.5.4.6-79n and earlier
SonicOS 6.5.1.11-4n and earlier
SonicOS 6.0.5.3-93o and earlier
SonicOSv 6.5.4.4-44v-21-794 and earlier
SonicOS 7.0.0.0-1
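
A firmware triage check over the version list above, as an added example (not code from the diary or from SonicWall). It assumes "and earlier" applies within the same release train (the first three version fields), that the inventory supplies the product name, and that the letter suffix on the build number can be ignored; the inventory entries are constructed.

```python
import re

# Vulnerable builds exactly as listed in the diary.
# Third field: True where the diary says "and earlier".
LISTED = [
    ("SonicOS", "6.5.4.6-79n", True),
    ("SonicOS", "6.5.1.11-4n", True),
    ("SonicOS", "6.0.5.3-93o", True),
    ("SonicOSv", "6.5.4.4-44v-21-794", True),
    ("SonicOS", "7.0.0.0-1", False),
]

def parse(version):
    """Return (train, key): '6.5.4.6-79n' -> ((6, 5, 4), (6, 79))."""
    if not re.match(r"\d+(\.\d+){3}(-|$)", version):
        raise ValueError(f"unrecognised firmware string: {version!r}")
    nums = tuple(int(n) for n in re.findall(r"\d+", version))
    return nums[:3], nums[3:]

def triage(product, version):
    """Classify one inventory entry as 'vulnerable', 'not-listed' or 'review'."""
    train, key = parse(version)
    train_seen = False
    for listed_product, listed_version, and_earlier in LISTED:
        listed_train, listed_key = parse(listed_version)
        if listed_product != product or listed_train != train:
            continue
        train_seen = True
        if key == listed_key or (and_earlier and key < listed_key):
            return "vulnerable"
    # Assumption: a train the diary does not mention is neither cleared nor
    # flagged here; it goes to a human with the vendor advisory in hand.
    return "not-listed" if train_seen else "review"

if __name__ == "__main__":
    inventory = [  # constructed sample entries, not real devices
        ("fw-branch-01", "SonicOS", "6.5.4.5-10n"),
        ("fw-branch-02", "SonicOS", "6.5.4.9-1n"),
        ("fw-lab-01", "SonicOSv", "6.5.4.4-44v-21-500"),
        ("fw-legacy-01", "SonicOS", "5.9.1.13-5o"),
    ]
    for host, product, version in inventory:
        print(f"{host:14} {product:9} {version:20} {triage(product, version)}")
```

A "not-listed" result only means the build is newer than the entry the diary gives for that train; confirm it against the vendor advisory linked at the end of the diary before treating the device as patched.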

After some research, I am unclear how many devices may be vulnerable to this attack. Tenable/Tripwire implies it could be up to approximately 800,000 devices (as detected by Shodan).  

I expect that not all of these devices have the VPN enabled, and some have been updated already, so the number is probably quite a bit lower, but still significant. 

I have not been able to find a way to remotely detect which devices are vulnerable.  Nmap can be used to detect SonicWall instances, but does not provide enough information to determine the OS version or probe for the vulnerability.

PORT      STATE    SERVICE        REASON         VERSION
80/tcp    open     http-proxy     syn-ack ttl 53 SonicWALL SSL-VPN http proxy
|_http-server-header: SonicWALL SSL-VPN Web Server
443/tcp   open     ssl/http-proxy syn-ack ttl 53 SonicWALL SSL-VPN http proxy
|_http-server-header: SonicWALL SSL-VPN Web Server
50001/tcp filtered unknown        no-response

If any of you know of a reliable scanning technique to detect this vulnerability please let me know at our contact page and I will update the diary.

SonicWall released updates last week which fix this vulnerability and several others. Although no known exploit has been detected in the wild, I expect, given recent historical attacks on VPNs, that this one will get a lot of interest from bad guys. I strongly recommend updating as soon as reasonable.

More information can be found at the following links:
https://www.bleepingcomputer.com/news/security/critical-sonicwall-vulnerability-affects-800k-firewalls-patch-now/
https://www.tripwire.com/state-of-security/vert/sonicwall-vpn-portal-critical-flaw-cve-2020-5135/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010

 

— Rick Wanner MSISE – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter:namedeplume (Protected)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
