SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks
A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has now been found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information.
Tracked as CVE-2021-20019, the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure.
It's worth noting that SonicWall's decision to hold back the patch comes amid multiple zero-day disclosures affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS. However, there is no evidence that the flaw is being exploited in the wild.
"SonicWall physical and virtual firewalls running certain versions of SonicOS may contain a vulnerability where the HTTP server response leaks partial memory," SonicWall said in an advisory published Tuesday.
The original flaw, identified as CVE-2020-5135, concerned a buffer overflow vulnerability in SonicOS that could allow a remote attacker to cause denial-of-service and potentially execute arbitrary code by sending a malicious request to the firewall.
While SonicWall rolled out a patch in October 2020, additional testing undertaken by cybersecurity firm Tripwire revealed a memory leak as a "result of an improper fix for CVE-2020-5135," according to security researcher Craig Young, who reported the new issue to SonicWall on October 6, 2020.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/F-0UTEffuRc/sonicwall-left-vpn-flaw-partially.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-23 | CVE-2021-20019 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv. A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. | 7.5 |
2020-10-12 | CVE-2020-5135 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv. A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. | 9.8 |