A critical stack-based buffer overflow vulnerability was found in SonicWall VPNs which, when exploited, permits unauthenticated remote attackers to execute arbitrary code on the impacted devices.
The vulnerability, tracked as CVE-2020-5135, affects multiple versions of SonicOS used by thousands of active VPNs.
SonicWall NSAs are used as firewalls and SSL VPN portals to filter, control, and allow employees to access internal and private networks.
The security flaw was discovered by Craig Young of Tripwire Vulnerability and Exposure Research Team (VERT) and Nikita Abramov of Positive Technologies.
According to the researchers, SonicOS contains a bug in a component that handles custom protocols and is exposed on the WAN interface. This means that any cybercriminal can exploit it if they know the device’s IP address.
The bug can easily cause a denial of service and crash devices, and a code execution exploit is likely feasible.
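To illustrate the bug class the article names (a stack-based buffer overflow in a handler for an untrusted wire format), here is an added example of the defect beside its hardened form. This is constructed teaching code, not SonicOS code and not the component the researchers found; the record layout (one length byte followed by a name field), the names `parse_name_unchecked` and `parse_name_checked`, and the sample records are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed, hypothetical record layout used only to show the bug class;
 * it is not the SonicOS protocol:
 *   byte 0      : N, the declared length of the name field
 *   bytes 1..N  : the name field, not NUL-terminated on the wire
 */
#define NAME_MAX 8

/* Vulnerable pattern: N arrives from the network, yet it is used directly as
 * the copy length into a fixed-size stack buffer with no check against
 * NAME_MAX or the bytes actually present. A record whose N exceeds NAME_MAX
 * corrupts the stack frame: at minimum a crash, which is the denial of
 * service the article describes. The function exists to show the defect;
 * never feed it untrusted data. */
int parse_name_unchecked(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_len)
{
    char name[NAME_MAX];
    if (pkt_len < 1)
        return -1;
    size_t n = pkt[0];
    memcpy(name, pkt + 1, n);             /* BUG: n is unbounded */
    if (n >= out_len)
        return -1;
    memcpy(out, name, n);
    out[n] = '\0';
    return 0;
}

/* Hardened form: every length read from the wire is validated against the
 * destination buffer and against the bytes actually received before any
 * copy takes place. Returns 0 on success, -1 on any malformed record. */
int parse_name_checked(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_len)
{
    char name[NAME_MAX];
    if (pkt == NULL || out == NULL || pkt_len < 1)
        return -1;
    size_t n = pkt[0];
    if (n > sizeof name)                  /* would overflow the stack buffer */
        return -1;
    if (n > pkt_len - 1)                  /* declared length exceeds the packet */
        return -1;
    if (n >= out_len)                     /* no room for the terminator */
        return -1;
    memcpy(name, pkt + 1, n);
    memcpy(out, name, n);
    out[n] = '\0';
    return 0;
}

/* Constructed sample records (assumptions for the example). */
static const uint8_t SAMPLE_GOOD[]      = { 3, 'v', 'p', 'n' };
static const uint8_t SAMPLE_OVERSIZED[] = { 200, 'x', 'x' };         /* claims 200 bytes */
static const uint8_t SAMPLE_TRUNCATED[] = { 5, 'a', 'b' };           /* claims 5, carries 2 */
static const uint8_t SAMPLE_LONG[]      = { 12, 'a', 'a', 'a', 'a', 'a', 'a',
                                            'a', 'a', 'a', 'a', 'a', 'a' }; /* 12 > NAME_MAX */
static char parsed[64];

int main(void)
{
    int rc = parse_name_checked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, parsed, sizeof parsed);
    printf("good record      -> %d (%s)\n", rc, rc == 0 ? parsed : "");
    printf("oversized record -> %d\n",
           parse_name_checked(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, parsed, sizeof parsed));
    printf("truncated record -> %d\n",
           parse_name_checked(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, parsed, sizeof parsed));
    printf("long record      -> %d\n",
           parse_name_checked(SAMPLE_LONG, sizeof SAMPLE_LONG, parsed, sizeof parsed));
    return 0;
}
```

The three checks in the hardened parser are the ones a reviewer looks for in any network-facing parser: the wire length must not exceed the local buffer, must not exceed the data actually received, and must leave room for the terminator. The unchecked version only differs by the missing checks, which is what makes the class easy to miss in code review and why a fuzzer aimed at the WAN-exposed handler typically finds it as a crash first.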
It has been found that more than 800,000 VPN devices are running vulnerable SonicOS software versions.
Even though a Proof-of-Concept (PoC) exploit is not yet available in the wild, given the wide attack surface it is recommended that companies upgrade their devices as soon as possible.
The following SonicWall VPN devices are impacted by CVE-2020-5135:
- SonicOS 184.108.40.206-79n and earlier
- SonicOS 220.127.116.11-4n and earlier
- SonicOS 18.104.22.168-93o and earlier
- SonicOSv 22.214.171.124-44v-21-794 and earlier
- SonicOS 126.96.36.199-1
To remediate the vulnerability, SonicWall has released updates; as a temporary mitigation before the patch is applied, SSL VPN portals may be disconnected from the Internet.
The following versions are available to upgrade to in order to protect against the flaw:
- SonicOS 188.8.131.52-83n
- SonicOS 184.108.40.206-1n
- SonicOS 220.127.116.11-94o
- SonicOS 6.5.4.v-21s-987
- Gen 7 18.104.22.168-2 and onwards