Discovered by Tripwire VERT, CVE-2020-5135 is a buffer overflow vulnerability in the popular SonicWall Network Security Appliance (NSA) which can permit an unauthenticated bad guy to execute arbitrary code on the device.
The following versions of SonicWall are vulnerable:
After some research, I am unclear how many devices may be vulnerable to this attack. Tenable/Tripwire implies it could be up to approximately 800,000 devices (as detected by Shodan). I expect that not all of these devices have the VPN enabled, and some have been updated already, so the number is probably quite a bit lower, but still significant.
I have not been able to find a way to remotely detect which devices are vulnerable. Nmap can be used to detect SonicWall instances, but does not provide enough information to determine the OS version or probe for the vulnerability.
If any of you know of a reliable scanning technique to detect this vulnerability, please let me know at our contact page and I will update the diary.
SonicWall released updates last week which fix this vulnerability and several others. Although no known exploit has been detected in the wild, I expect, given recent historical attacks on VPNs, that this one will get a lot of interest from bad guys. I strongly recommend updating as soon as reasonable.
More information can be found at the following links:
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
Rick 317 Posts ISC Handler Oct 17th 2020 |
Even though the issue is interesting and promising for certain attackers, our Cyber Threat Intelligence isn't observing any important research or exploitation activity at the moment. Most malicious actors might be focusing on the latest Microsoft patchday right now...
Anonymous |
Oct 18th 2020 4 months ago |