The SonicWall NSAs are next-generation firewall appliances with a sandbox, intrusion prevention system, SSL / TLS decryption and inspection functions, network-based malware protection and VPN functions.
CVE-2020-5135 was discovered by Nikita Abramov of Positive Technologies and Craig Young of the Tripwire Vulnerability and Exposures Research Team (VERT) and has the following effects:
- SonicOS 126.96.36.199-79n and earlier
- SonicOS 188.8.131.52-4n and earlier
- SonicOS 184.108.40.206-93o and earlier
- SonicOSv 220.127.116.11-44v-21-794 and earlier
- SonicOS 18.104.22.168-1
“The error can be triggered by an unauthenticated HTTP request that involves a custom protocol handler. The vulnerability exists within the HTTP / HTTPS service used for product management as well as remote SSL VPN access, ”Tripwire explained to VERT.
“This error occurs prior to authentication and within a component (SSLVPN) that is normally exposed to the public Internet.”
With the help of Shodan, both Tripwire and Tenable researchers discovered nearly 800,000 SonicWall NSA devices with the affected HTTP server banner on the Internet. However, as the latter noted, it is impossible to determine the actual number of vulnerable devices because their respective versions could not be determined (i.e. some may already have been patched).
A persistent DoS condition is apparently easy for attackers to achieve as it does not require prior authentication and can be triggered by sending a specially crafted request to the vulnerable service / SSL VPN portal.
According to VERT, a code execution exploit is “probably doable,” although it is a little more difficult to execute.
Mitigation and remediation
There is currently no evidence that the bug is being actively exploited, nor is there a public PoC exploitation code available, so administrators have the option to update affected devices.
Aside from implementing the update offered, they can alternatively disconnect the SSL VPN portal from the internet, although this action does not reduce the risk of exploiting some of the other bugs fixed by the latest updates.
Implementing the security updates is therefore the preferred step, especially since security flaws in SSL VPN solutions are often attacked by cyber criminals and threat actors.
These were the details of the news Fixed critical bug in SonicWall patches, updated quickly! (CVE-2020-5135) for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at de24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.