A critical flaw that can be abused for denial-of-service (DoS) attacks and potentially arbitrary code execution affects a large number of SonicWall firewalls.
The flaw, tracked as CVE-2020-5135, affects different variants of SonicOS, the operating system that powers SonicWall firewalls. The vendor credited researchers at Tripwire and Positive Technologies with discovering the vulnerability.
In a blog post, Tripwire explained that the flaw occurs in the HTTP/HTTPS service used for system management and VPN access. An unauthenticated attacker can exploit it by sending specially crafted HTTP requests with a custom protocol handler.
While the security hole can undoubtedly be abused for DoS attacks, Tripwire says it is “likely feasible” to execute arbitrary code because the company has demonstrated the ability to redirect execution flow through stack corruption.
Even if it is used only for DoS attacks, the vulnerability can pose a significant threat to organizations, since an attacker can exploit it to cause a targeted firewall to reset.
“By sending the malicious request continuously, an attacker can keep the system rebooting,” said Tripwire’s Craig Young. One can imagine an extortion scheme in which someone tries to keep your VPN workers offline until you pay them to stop attacking. It may be difficult for a company to repair a system while under attack, particularly during COVID, as it could entail access to physical hardware and extended downtime.
Nikita Abramov, an application analysis specialist at Positive Technologies, explained that a DoS attack leads to the “collapse” of the main firewall program, which he says is responsible for all of the logic, including the web interface, command-line interface, and other facilities.
Tripwire said nearly 800,000 exposed SonicWall systems were found on Shodan, but Young explained that this list may still include non-vulnerable units.
Positive Technologies, on the other hand, said it had found approximately 460,000 vulnerable devices.
SonicWall has issued an advisory that includes information on affected versions of SonicOS, as well as the availability of patches for CVE-2020-5135.
SonicWall also credited Positive Technologies this week with reporting a dozen more bugs in SonicOS, including some high-severity DoS weaknesses that can be remotely abused without authorization to crash a firewall, and less serious issues involving DoS, XSS, brute force, and admin login enumeration.