Critical loophole in SonicWall firewall can be exploited for denial-of-service attacks
Source: Heise.de, added 16th Oct 2020
Updates are available for several versions of SonicOS. They eliminate one critical security hole and ten others rated from “Medium” to “High”.
By Olivia von Westernhagen
The manufacturer SonicWall has secured several editions of its firewall operating system SonicOS, among other things against a buffer overflow vulnerability classified as critical (CVE-2020-5135, CVSS score 9.4). Further updates remove five vulnerabilities rated “High” and five rated “Medium” from SonicOS, although the affected and fixed versions vary. Admins should take a look at the available advisories and install the updates promptly.
DoS and RCE may be possible
According to the security advisory on the critical vulnerability CVE-2020-5135, attackers could exploit it by means of specially crafted requests to paralyze the firewall (denial of service). In addition, arbitrary program code can potentially be executed remotely. The IT security company Tenable provides a detailed analysis in a blog entry on CVE-2020-5135.
SonicWall’s descriptions of the “High” security vulnerabilities, which do not require authentication to abuse, read very similarly to the explanations for CVE-2020-5135. In all five cases, denial-of-service attacks are possible, which can lead to crashes of the firewall operating system and/or the entire firewall.
According to the Tenable blog entry published yesterday, Thursday, no proof-of-concept code is yet known for any of the eleven vulnerabilities.
Security Advisories
Information on vulnerable and fixed SonicOS versions can be found in the security advisories, which we link below in descending order of threat level.
SonicWall Advisory on CVE-2020-5135 (Critical, CVSS 9.4)
SonicWall Advisory on CVE-2020-5133 (High, CVSS 8.2)
SonicWall Advisory on CVE-2020-5137 (High, CVSS 7.5)
SonicWall Advisory on CVE-2020-5138 (High, CVSS 7.5)
SonicWall Advisory on CVE-2020-5139 (High, CVSS 7.5)
SonicWall Advisory on CVE-2020-5140 (High, CVSS 7.5)
SonicWall Advisory on CVE-2020-5134 (Medium, CVSS 6.5)
SonicWall Advisory on CVE-2020-5136 (Medium, CVSS 6.5)
SonicWall Advisory on CVE-202