If you want to practice writing exploits and worms, there’s a big hijacking hole in SonicWall firewall VPNs • The Register


A critical vulnerability in a SonicWall enterprise VPN firewall can be exploited to crash the device or remotely execute code on it, reverse engineers said this week.

The stack-based buffer overflow (CVE-2020-5135) uncovered by infosec outfit Tripwire can be triggered by an “unauthenticated HTTP request involving a custom protocol handler” – and, most worryingly, could have been deployed by an “unskilled attacker.”

The biz said about 800,000 devices were discoverable through device search engine Shodan.io at the time it made its findings, which are lightly detailed on its blog.

Because the flaw is reachable before authentication, anyone who can reach the device's management or VPN HTTP interface can send it malformed requests, either crashing it (a denial-of-service condition) or, potentially, executing code on it with no credentials at all; Tripwire says such an attack is "likely feasible." That combination is what makes a worm plausible: code that compromises one appliance through its VPN interface, then scans for further exposed, unpatched devices to hijack.

Affected versions are: SonicOS 6.5.4.6-79n and earlier, 6.5.1.11-4n and earlier, 6.0.5.3-93o and earlier, SonicOSv 6.5.4.4-44v-21-794 and earlier, and SonicOS 7.0.0.0-1. The security hole is closed in these newly released versions: SonicOS 6.5.4.7-83n, 6.5.1.12-1n, 6.0.5.3-94o, SonicOSv 6.5.4.v-21s-987, and SonicOS 7.0.0.0-2 and onwards.
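To turn that version list into something a sysadmin can run against an inventory, here is an added triage script; it is not from the article, SonicWall or Tripwire. It hard-codes the last-affected and first-fixed build per branch exactly as listed above. Everything else is an assumption about how SonicOS build strings are laid out: product plus the first three numeric components are treated as one release train, and the remaining integers are compared left to right. The SonicOSv fixed build has a different layout from its affected build, so a result for that branch should be confirmed against the vendor advisory.

```python
"""Triage helper for CVE-2020-5135: does a SonicOS / SonicOSv build fall
inside the affected ranges the advisory lists?

Added example, not vendor or researcher code. Build strings in BRANCHES are
the ones from the advisory; the parsing and branch rules are assumptions.
"""
import re
from typing import Optional, Tuple

# (product, last affected build, first fixed build) per release train, as
# published. "and earlier" is read as "earlier within the same train".
BRANCHES = [
    ("SonicOS", "6.5.4.6-79n", "6.5.4.7-83n"),
    ("SonicOS", "6.5.1.11-4n", "6.5.1.12-1n"),
    ("SonicOS", "6.0.5.3-93o", "6.0.5.3-94o"),
    ("SonicOSv", "6.5.4.4-44v-21-794", "6.5.4.v-21s-987"),  # fixed build has a different layout
    ("SonicOS", "7.0.0.0-1", "7.0.0.0-2"),
]


def numeric_parts(version: str) -> Tuple[int, ...]:
    """Reduce a build string to its integers, left to right.
    '6.5.4.6-79n' -> (6, 5, 4, 6, 79). Train letters (n, o, v, s) are
    dropped here; the train is identified by branch_key() instead."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def branch_key(product: str, version: str) -> Tuple[str, Tuple[int, ...]]:
    """Assumption: product plus the first three numeric components
    (e.g. SonicOS 6.5.4.*) identifies one release train."""
    parts = numeric_parts(version)
    if len(parts) < 3:
        raise ValueError(f"unrecognised build string: {version!r}")
    return (product, parts[:3])


def assess(product: str, version: str) -> Tuple[str, Optional[str]]:
    """Return ('vulnerable' | 'fixed' | 'not listed', build to upgrade to).

    A train that the advisory does not mention is reported as 'not listed'
    rather than 'fixed': absence from the list is not evidence of safety.
    """
    key = branch_key(product, version)
    for prod, last_affected, first_fixed in BRANCHES:
        if branch_key(prod, last_affected) != key:
            continue
        if numeric_parts(version) <= numeric_parts(last_affected):
            return ("vulnerable", first_fixed)
        return ("fixed", first_fixed)
    return ("not listed", None)


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, product, reported build).
    inventory = [
        ("fw-edge-01", "SonicOS", "6.5.4.6-79n"),
        ("fw-edge-02", "SonicOS", "6.5.4.7-83n"),
        ("fw-lab-vm", "SonicOSv", "6.5.4.4-44v-21-794"),
        ("fw-branch-9", "SonicOS", "6.2.7.1-23n"),
    ]
    for host, product, build in inventory:
        status, target = assess(product, build)
        hint = f" -> upgrade to {target}" if status == "vulnerable" else ""
        print(f"{host:12} {product:9} {build:20} {status}{hint}")
```

Feed it the "Firmware Version" string from each appliance's status page (or your CMDB export) and patch anything reported as vulnerable; treat "not listed" as a prompt to check the vendor's advisory, not as a pass.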


In a statement SonicWall said it "was contacted by a third-party research team regarding issues related to SonicWall next-generation virtual firewall models (6.5.4v)." The spokesman added that SonicWall's own engineers found further vulnerabilities while reproducing Tripwire's findings, and that patches were developed for all of them.

"Immediately upon discovery, SonicWall researchers conducted extensive testing and code review to confirm the third-party research. This analysis led to the discovery of additional unique vulnerabilities to virtual and hardware appliances requiring Common Vulnerabilities and Exposures (CVE) listings… The PSIRT team worked to duplicate the issues and develop, test and release patches for the affected products," said the spokesman.

He concluded: "At this time, SonicWall is not aware of a vulnerability that has been exploited or that any customer has been impacted." SonicWall credited Craig Young at Tripwire and Nikita Abramov at Positive Technologies for reporting the stack-based buffer overflow.

SonicWall has released a batch of 11 patches in total. Sysadmins are advised to check their firmware versions against the affected list above and deploy the fixed builds sooner rather than later; an unauthenticated, internet-facing bug in a VPN appliance is exactly the kind that gets exploited first. ®


