Threat Update

On June 23, security researchers reported that SonicWall’s stack-based buffer overflow vulnerability from late last year was only partially patched, yielding another attack vector for unpatched systems. A threat actor can send malicious requests to the firewall to execute code remotely and gain a foothold in an unpatched environment through partial memory leaks. SKOUT recommends patching all affected SonicWall VPN appliances as soon as possible.

Technical Detail & Additional Information

WHAT IS THE THREAT?

In October of last year, SonicWall VPN appliances had a critical stack-based buffer overflow vulnerability (CVE-2020-5135). On June 23, a new critical vulnerability related to the October one was identified, as researchers realized that last year's vulnerability was only partially patched. The new vulnerability is identified as CVE-2021-20019, and SonicWall’s team reported that “SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.”

WHY IS IT NOTEWORTHY?

All critical vulnerabilities that allow a threat actor to execute arbitrary code should be taken very seriously. Left unpatched, a threat actor could gain an initial foothold in your environment that could lead to lateral movement, persistence, and privilege escalation. The vulnerability resides in the web service used for VPN systems and product management. The exploit’s proof of concept details an unauthenticated HTTP request with custom protocols.

WHAT IS THE EXPOSURE OR RISK?

As reported by SonicWall in their advisory, this exploit “affects SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.” Left unpatched, an attacker can send these malicious HTTP/HTTPS custom protocol requests to your firewall environment to gain access to your systems.

WHAT ARE THE RECOMMENDATIONS?

SKOUT recommends patching any vulnerable SonicWall platforms as soon as possible. The following table lists the patch releases for specific SonicOS platforms:

| Platforms | SonicOS Running Version | SonicOS Patch Release (Update to version or later) |
| --- | --- | --- |
| NSa, TZ, NSsp (GEN7) | NSa, TZ: 7.0.0-713 and older | 7.0.0-R906 and later, 7.0.1-R1456 |
| NSa, TZ, NSsp (GEN7) | NSsp: below 7.0.0.376 | 7.0.0.376 and later, 7.0.1-R579 |
| NSv (Virtual: GEN7) | NSsp: 7.0.1-R1036 and older | 7.0.1-R1282/1283 |
| NSa, TZ, SOHO W, SuperMassive 92xx/94xx/96xx (GEN6+) | 6.5.4.8-83n and older | 6.5.4.8-89n |
| NSsp 12K, SuperMassive 9800 | 6.5.1.12-3n and older | Pending Release |
| SuperMassive 10k | 6.0.5.3-94o and older | Pending Release |
| NSv (Virtual: VMWare/Hyper-V/AWS/Azure/KVM) | SonicOSv: 6.5.4.4-44v-21-955 and older | 6.5.4.4-44v-21-1288 |
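
To check an appliance inventory against the patch releases listed above, the following Python sketch is an added example, not code from SKOUT or SonicWall. The platform labels, the hostnames and the rule that a build's numeric fields order it left to right are assumptions made for the example.

```python
import re

# Fixed builds per platform, copied from the patch table above. The platform
# keys are labels made up for this example; [] means "Pending Release".
FIXED_BUILDS = {
    "gen7-nsa-tz": ["7.0.0-R906", "7.0.1-R1456"],
    "gen7-nssp": ["7.0.0.376", "7.0.1-R579"],
    "gen7-nsv": ["7.0.1-R1282"],
    "gen6": ["6.5.4.8-89n"],
    "nssp12k-sm9800": [],
    "sm10k": [],
    "gen6-nsv": ["6.5.4.4-44v-21-1288"],
}

def parse(version):
    """Assumption: the numeric fields, read left to right, order the builds."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def status(platform, version):
    fixes = FIXED_BUILDS.get(platform)
    if fixes is None:
        return "review"            # platform not in the table
    if not fixes:
        return "no-fix-listed"     # table says "Pending Release"
    running = parse(version)
    fixed = [parse(f) for f in fixes]
    # Compare against the fixed build on the same x.y.z branch when one exists.
    same_branch = [f for f in fixed if f[:3] == running[:3]]
    if same_branch:
        return "patched" if running >= same_branch[0] else "needs-update"
    # Older than every fixed branch: still below the patch level.
    if running < min(fixed):
        return "needs-update"
    return "review"                # newer branch the table does not cover

# Constructed sample inventory: (hostname, platform label, running version).
INVENTORY = [
    ("fw-branch-01", "gen7-nsa-tz", "7.0.0-713"),
    ("fw-branch-02", "gen7-nsa-tz", "7.0.1-R1000"),
    ("fw-hq-01", "gen6", "6.5.4.8-89n"),
    ("fw-dc-01", "sm10k", "6.0.5.3-94o"),
    ("fw-cloud-01", "gen6-nsv", "6.5.4.4-44v-21-955"),
]

def audit(inventory):
    return {host: status(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Appliances reported as `no-fix-listed` or `review` need a manual check against the vendor advisory, since the table gives no fixed build to compare with.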

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.



Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.
