Security News

SonicWall ‘Botches’ October Patch for VPN Bug
2021-06-23 10:44

UPDATE. An October patch for a critical remote code execution bug in a SonicWall VPN appliance turned out to be insufficient. SonicWall originally patched the stack-based buffer overflow vulnerability in the SonicWall Network Security Appliance, tracked as CVE-2020-5135, back in October.

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks
2021-06-22 22:35

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "Botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. Tracked as CVE-2021-20019, the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure.

SonicWall bug affecting 800K firewalls was only partially fixed
2021-06-22 18:59

New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which was initially thought to have been patched. In October last year, a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135, was discovered affecting over 800,000 SonicWall VPNs. When exploited, the vulnerability allows unauthenticated remote attackers to execute arbitrary code on the impacted devices, or cause Denial of Service.

SonicWall bug that affected 800K firewalls was only partially fixed
2021-06-22 18:59

New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which was initially thought to have been patched. In October last year, a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135, was discovered affecting over 800,000 SonicWall VPNs. When exploited, the vulnerability allows unauthenticated remote attackers to execute arbitrary code on the impacted devices, or cause Denial of Service.

Ransomware attackers are leveraging old SonicWall SRA flaw (CVE-2019-7481)
2021-06-14 09:49

Crowdstrike now warns that a cyber-criminal group is exploiting CVE-2019-7481 - an older SQL injection vulnerability affecting SonicWall Secure Remote Access 4600 devices running firmware versions 8.x and 9.x - to penetrate organizations' networks. "In some recent investigations, CrowdStrike's Incident Response team has had correlative evidence indicating a root cause via VPN access without brute forcing. These investigations have a common denominator: All organizations used SonicWall SRA VPN appliances running 9.0.0.5 firmware," researchers Heather Smith and Hanno Heinrichs noted.

Attackers Leverage SonicWall VPN Flaw to Compromise SRA Appliances
2021-06-10 22:50

Malicious hackers are exploiting an old VPN security flaw to compromise SonicWall SRC devices, according to a warning from security vendor CrowdStrike. The vulnerability in question, tracked as CVE-2019-7481, was originally patched by SonicWall back in 2019 but CrowdStrike is warning that the firmware updates did not properly mitigate the issue on legacy SRA devices.

SonicWall Patches Command Injection Flaw in Firewall Management Application
2021-05-31 13:04

SonicWall last week announced the availability of patches for a severe vulnerability in its Network Security Manager product. NSM is a firewall management application that provides the ability to monitor and manage all network security services from a single interface, as well as to automate tasks to improve security operations.

SonicWall urges customers to 'immediately' patch NSM On-Prem bug
2021-05-28 13:46

SonicWall urges customers to 'immediately' patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager multi-tenant firewall management solution. The vulnerability tracked as CVE-2021-20026 affects NSM 2.2.0-R10-H1 and earlier and it was patched by SonicWall in the NSM 2.2.1-R6 and 2.2.1-R6 versions.

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks
2021-05-02 20:27

An "Aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "Improper SQL command neutralization" flaw in the SSL-VPN SMA100 product that allows an unauthenticated attacker to achieve remote code execution. "UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums," Mandiant researchers said.

SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched
2021-04-30 14:03

A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye's Mandiant unit reported on Thursday. Over the past half a year, a new cybercrime group has been observed using a broad range of malware and employing aggressive tactics to pressure ransomware victims into making payments.