SonicWall vulnerability affects 800,000 firewalls


A critical stack-based buffer overflow vulnerability has been found in SonicOS, the operating system of SonicWall's firewall and SSL VPN appliances. It can be triggered by an unauthenticated remote attacker, and successful exploitation could allow arbitrary code execution on the affected device.

The vulnerability, tracked as CVE-2020-5135, affects multiple versions of SonicOS and therefore hundreds of thousands of Internet-exposed devices.

SonicWall NSA appliances serve both as firewalls and as SSL VPN portals: they filter and control traffic and give remote employees access to internal, private networks.

The flaw was discovered by Craig Young of Tripwire's Vulnerability and Exposure Research Team (VERT) and by Nikita Abramov of Positive Technologies.

According to the researchers, the bug sits in a SonicOS component that handles custom protocols and is exposed on the WAN interface. No credentials are required: any attacker who can reach the device's public IP address can send the traffic that triggers it.

The bug can easily be used to crash the device (a denial of service), and the researchers consider a working code execution exploit likely feasible as well.
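The flaw class described above, as an added illustration that is neither SonicOS code nor code from the researchers: a hypothetical custom-protocol frame parser that copies an attacker-supplied length into a fixed-size stack buffer, shown beside the bounded version. The frame format (1-byte type, 2-byte big-endian length, payload), the function names and the sample frames are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame format for this example (not the SonicOS wire format):
 *   byte 0      : message type
 *   bytes 1..2  : big-endian payload length
 *   bytes 3..   : payload
 */
#define HDR_LEN  3
#define NAME_MAX 32   /* size of the stack buffer the payload is copied into */

static uint16_t payload_length(const uint8_t *frame)
{
    return (uint16_t)((frame[1] << 8) | frame[2]);
}

/* Vulnerable parser: the copy size comes straight from the frame and is
 * checked only against the received frame length, never against the
 * destination buffer. A payload longer than NAME_MAX overwrites whatever
 * follows `name` on the stack (saved registers, return address). */
int parse_frame_vulnerable(const uint8_t *frame, size_t frame_len,
                           char *out, size_t out_len)
{
    char name[NAME_MAX];
    if (frame_len < HDR_LEN)
        return -1;
    uint16_t len = payload_length(frame);
    if (frame_len < HDR_LEN + (size_t)len)
        return -1;                     /* frame is complete, buffer is not checked */
    memcpy(name, frame + HDR_LEN, len); /* stack overflow when len > NAME_MAX */
    name[len] = '\0';                   /* and an off-by-one when len == NAME_MAX */
    snprintf(out, out_len, "%s", name);
    return 0;
}

/* Hardened parser: bound the copy by the destination size and reject the
 * frame otherwise. Rejecting rather than truncating is the right choice for
 * a WAN-facing service; a malformed frame is not a client worth serving. */
int parse_frame_hardened(const uint8_t *frame, size_t frame_len,
                         char *out, size_t out_len)
{
    char name[NAME_MAX];
    if (frame_len < HDR_LEN)
        return -1;
    uint16_t len = payload_length(frame);
    if (len >= NAME_MAX)                /* leave room for the terminator */
        return -1;
    if (frame_len < HDR_LEN + (size_t)len)
        return -1;
    memcpy(name, frame + HDR_LEN, len);
    name[len] = '\0';
    snprintf(out, out_len, "%s", name);
    return 0;
}

/* Constructed helper: serialise a frame into buf, returning its length
 * (0 if buf is too small). */
size_t build_frame(uint8_t *buf, size_t buf_len, uint8_t type,
                   const char *payload, uint16_t len)
{
    if (buf_len < HDR_LEN + (size_t)len)
        return 0;
    buf[0] = type;
    buf[1] = (uint8_t)(len >> 8);
    buf[2] = (uint8_t)(len & 0xff);
    memcpy(buf + HDR_LEN, payload, len);
    return HDR_LEN + len;
}

/* Exercise both parsers on a benign frame and the hardened one on an
 * oversized frame. Returns 1 when every result is as expected. The
 * vulnerable parser is deliberately not fed the oversized frame: that
 * would be the overflow itself (a crash at best). */
int self_check(void)
{
    uint8_t frame[512];
    char out[64];
    char big[300];

    size_t n = build_frame(frame, sizeof frame, 0x01, "portal-user", 11);
    if (n != 14) return 0;
    if (parse_frame_vulnerable(frame, n, out, sizeof out) != 0) return 0;
    if (strcmp(out, "portal-user") != 0) return 0;
    if (parse_frame_hardened(frame, n, out, sizeof out) != 0) return 0;
    if (strcmp(out, "portal-user") != 0) return 0;

    memset(big, 'A', sizeof big);          /* 300-byte payload, matching length field */
    n = build_frame(frame, sizeof frame, 0x01, big, (uint16_t)sizeof big);
    if (n != 303) return 0;
    if (parse_frame_hardened(frame, n, out, sizeof out) != -1) return 0;
    /* truncated frame: length field claims 300 bytes, only 50 arrived */
    if (parse_frame_hardened(frame, HDR_LEN + 50, out, sizeof out) != -1) return 0;
    return 1;
}

int main(void)
{
    printf("self_check: %s\n", self_check() ? "all results as expected" : "mismatch");
    return 0;
}
```

The point of the side-by-side is the single missing comparison: both parsers validate that the frame is complete, but only the hardened one validates the length against the buffer it is about to write into. That is exactly the kind of check a fuzzer finds missing when it sends an oversized frame to a WAN-exposed handler.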

More than 800,000 Internet-facing devices have been found running vulnerable SonicOS versions.

Even though no proof-of-concept (PoC) exploit is publicly available yet, the size of the exposed attack surface means organisations should upgrade their devices as soon as possible.

The following SonicWall VPN devices are impacted by CVE-2020-5135:

  • SonicOS and earlier
  • SonicOS and earlier
  • SonicOS and earlier
  • SonicOSv and earlier
  • SonicOS

SonicWall has released patched firmware to remediate the vulnerability. As a temporary mitigation before the patch is applied, the SSL VPN portal can be disconnected from the Internet so that the vulnerable component is no longer reachable on the WAN interface.

The following versions contain the fix and should be upgraded to:

  • SonicOS
  • SonicOS
  • SonicOS
  • SonicOS 6.5.4.v-21s-987
  • Gen 7 and onwards

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
