SonicWall patches 11 firewall vulnerabilities

Firewall builder SonicWall has issued patches for a total of 11 Common Vulnerabilities and Exposures (CVEs) in its SonicOS operating system, disclosed by researchers at Positive Technologies, one of which carries a critical CVSS score of 9.4.

The most severe vulnerability, CVE-2020-5135, is a buffer overflow in SonicOS Gen 6, versions 6.5.4.7, 6.5.1.12 and 6.0.5.3, and SonicOSv 6.5.4V. A malicious actor can use it against affected products to cause denial of service (DoS) and run arbitrary code.

“The tested solution uses an SSL-VPN remote access service on firewalls, and users could be disconnected from internal networks and their workstations in the event of a DoS attack,” said Nikita Abramov, a Positive Technologies researcher who worked with Tripwire’s Craig Young.

“If attackers are able to run arbitrary code, they can create an attack and infiltrate the company’s internal networks,” Abramov said.

The second vulnerability, CVE-2020-5133, was rated 8.2 on the CVSS scale and could allow a remote, unauthorized attacker to cause DoS through a buffer overflow, leading to a firewall crash. CVEs 2020-5137, 5138, 5139 and 5140.

Additional vulnerabilities detected include CVE-2020-5141, which allows a remote, unauthorized attacker to brute-force the virtual assistant ticket ID on the SSL-VPN service; CVE-2020-5142, a cross-site scripting (XSS) vulnerability that allows a remote, unauthorized attacker to execute arbitrary JavaScript code on the firewall SSL-VPN portal; and CVE-2020-5143, which is on the SonicOS SSL-VPN login page and may allow a remote, unauthorized attacker to determine the firewall management administrator username based on server responses.

SonicWall, which is behind one-fifth of gateway security equipment according to ITC figures, said it was not aware of any of the vulnerabilities having yet been exploited by cybercriminals.

Any customer using an affected product is advised to upgrade their firmware; no support agreement is required to do so.

SonicWall told Computer Weekly that it maintains the highest standards to ensure the integrity of its products, solutions, services, technology and any related IP, and takes every disclosure or discovery very seriously.

“This is the best practice for vendor-researcher collaboration in the modern era,” said Aria Eslambolchizadeh, head of quality engineering at SonicWall.

“These kinds of transparent relationships protect the integrity of the online landscape and ensure better protection from advanced threats and emerging vulnerabilities before they affect end users.”

The full list of disclosed vulnerabilities is available from SonicWall, along with instructions and guidance on how to update affected products.
