SonicWall patched vulnerabilities in SonicOS for firewall appliances discovered by Positive Technologies
expert Nikita Abramov. According to IDC
, SonicWall ranks fifth among manufacturers of gateway security appliance solutions worldwide.
The most serious vulnerability, CVE-2020-5135
, found by Nikita Abramov at Positive Technologies and Craig Young at Tripwire, is of critical severity (CVSS v3 score 9.4). This buffer overflow vulnerability in SonicOS allows remote attackers to cause denial of service (DoS) and potentially execute arbitrary code.
Nikita Abramov researcher at Positive Technologies explained: "The tested solution uses a SSL-VPN remote access service on firewalls, and users can be disconnected from internal networks and their workstations in case of a DoS attack. If attackers manage to execute arbitrary code, they may be able to develop an attack and penetrate the company's internal networks." "This is best practice for vendor-researcher collaboration in the modern era"
, said SonicWall's Aria Eslambolchizadeh, Head of Quality Engineering. "These types of open and transparent relationships protect the integrity of the online landscape, and ensure better protection from advanced threats and emerging vulnerabilities before they impact end users, as was the case here.
CVE-2020-5135 affects SonicOS 22.214.171.124-79n, SonicOS 126.96.36.199-4n, SonicOS 188.8.131.52-93o and SonicOSv 184.108.40.206-44v-21-794 (including older versions). To fix CVE-2020-5135
, users need to upgrade to the following firmware versions (depending on their product): SonicOS 220.127.116.11-83n, SonicOS 18.104.22.168-1n, SonicOS 22.214.171.124-94o or SonicOS 6.5.4.v-21s-987.
Another vulnerability, CVE-2020-5133
, received a CVSS v3 score of 8.2. This vulnerability allows a remote unauthenticated attacker to cause denial of service attacks due to buffer overflow, which leads to a firewall crash.
Failures in SonicOS can also be caused by exploitation of vulnerabilities CVE-2020-5137
, and CVE-2020-5140
(all of them have a CVSS v3 score of 7.5 and can be exploited by remote unauthenticated attackers), and vulnerabilities CVE-2020-5134
(CVSS v3 score 6.5, exploitation requires authentication).
In addition, a remote unauthenticated attacker can bruteforce Virtual Assist ticket ID in the SSL-VPN service (vulnerability CVE-2020-5141
, CVSS v3 score 6.5). A cross-site scripting (XSS) vulnerability CVE-2020-5142
, CVSS v3 score 5.3).
To migitate the vulnerabilities, follow the recommendations on the vendor's official website: https://www.sonicwall.com/support/product-notification/sonicwall-dos-xss-vulnerabilities/201015132843063/