Home / Networking / 800,000 SonicWall VPNs vulnerable to new remote code execution bug

800,000 SonicWall VPNs vulnerable to new remote code execution bug


SonicWall
Advertisements

Image: SonicWall

Almost 800,000 internet-accessible SonicWall VPN appliances will need to be updated and patched for a major new vulnerability that was disclosed on Wednesday.

Discovered by the Tripwire VERT security team, CVE-2020-5135 impacts SonicOS, the operating system running on SonicWall Network Security Appliance (NSA) devices.

SonicWall NSAs are used as firewalls and SSL VPN portals to filter, control, and allow employees to access internal and private networks.

Tripwire researchers say SonicOS contains a bug in a component that handles custom protocols.

The component is exposed on the WAN (public internet) interface, meaning any attacker can exploit it, as long as they’re aware of the device’s IP address.

Tripwire said exploiting the bug is trivial even for unskilled attackers. In its simplest form, the bug can cause a denial of service and crash devices, but “a code execution exploit is likely feasible.”

The security firm said it reported the bug to the SonicWall team, which released patches on Monday.

On Wednesday, when it disclosed the CVE-2020-5135 bug on its blog, Tripwire VERT security researcher Craig Young said the company had identified 795,357 SonicWall VPNs that were connected online and were likely to be vulnerable.

CVE-2020-5135 is considered a critical bug, with a rating of 9.4 out of 10, and is expected to come under active exploitation once proof-of-concept code is made publicly available. Exploiting the vulnerability doesn’t require the attacker to have valid credentials as the bug manifests before any authentication operations.

The bug is also SonicWall’s second major bug this year, after CVE-2019-7481, disclosed earlier this winter.

Tenable and Microsoft researchers have shared this week Shodan dorks for identifying SonicWall VPNs and getting them patched.

“At this time, SonicWall is not aware of a vulnerability that has been exploited or that any customer has been impacted,” a spokesperson told ZDNet in an email.

Updated at 10:45am ET with statement from SonicWall.



Source link

Advertisements

About admin

I'm a 50 year old PLC programmer from Burnley, UK. I severed my time as an electrician in the baking industry and soon got involved with the up and coming technology of PLC's. Initially this was all based in the Uk but as the years went by I have gradually worked my way around the globe. At first it was mainly Mitsubishi with a bit of Modicon thrown in but these days the industry leaders seem to be the Allen Bradley range of PLC and HMI’s.

Check Also

AT&T Q3 2020: strong subscriber growth, but COVID-19 impact remains

Advertisements AT&T has reported Q3 2020 earnings driven by an increasing subscriber base for premium ...

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements