
SonicWall bug that affected 800K firewalls was only partially fixed
2021-06-22 18:59

New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which was initially thought to have been patched.

In October last year, a critical stack-based buffer overflow vulnerability, tracked as CVE-2020-5135, was discovered affecting over 800,000 SonicWall VPNs. When exploited, the vulnerability allows unauthenticated remote attackers to execute arbitrary code on the affected devices or to cause a denial of service.

In October last year, BleepingComputer reported on a critical stack-based Buffer Overflow vulnerability in SonicWall VPN firewalls.

The vulnerability, tracked as CVE-2020-5135, was present in versions of SonicOS, run by over 800,000 active SonicWall devices.

"SonicWall is not aware of this vulnerability being exploited in the wild. As always, SonicWall strongly encourages organizations to maintain patch diligence for all security products," a SonicWall spokesperson told BleepingComputer.

SonicWall has today released advisories [1, 2] related to this vulnerability, with further information on the fixed versions.


News URL

https://www.bleepingcomputer.com/news/security/sonicwall-bug-that-affected-800k-firewalls-was-only-partially-fixed/

Related Vulnerability

DATE: 2020-10-12
CVE: CVE-2020-5135
VULNERABILITY TITLE: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv
DESCRIPTION: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDOR: sonicwall
CWE: CWE-119
RISK: critical (CVSS 9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 41 74 38 153