A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has now been found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could allow a remote attacker to gain access to sensitive information.
The shortcoming was rectified in an update rolled out to SonicOS on June 22.
Tracked as CVE-2021-20019 (CVSS score: 5.3), the vulnerability is the consequence of a memory leak when sending a specially crafted unauthenticated HTTP request, culminating in data disclosure.
It is worth noting that SonicWall's decision to hold back the patch comes amid a number of zero-day disclosures affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS.
However, there is no evidence that the flaw is being exploited in the wild.
Memory Dump PoC
"SonicWall physical and virtual firewalls running certain versions of SonicOS may contain a vulnerability where the HTTP server response leaks partial memory," SonicWall said in an advisory published Tuesday. "This can potentially lead to an internal sensitive data disclosure vulnerability."
The original flaw, identified as CVE-2020-5135 (CVSS score: 9.4), concerned a buffer overflow vulnerability in SonicOS that could allow a remote attacker to cause denial-of-service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
While SonicWall rolled out a patch in October 2020, further testing carried out by cybersecurity firm Tripwire revealed a memory leak as a "result of an improper fix for CVE-2020-5135," according to security researcher Chris Young, who reported the new issue to SonicWall on Oct 6, 2020.
"As a one- or two-line fix with minimal impact, I had expected that a patch would probably come out quickly but, fast-forward to March and I still had not heard back," Young noted in a write-up on Tuesday. "I reconnected with their PSIRT on March 1, 2021 for an update, but ultimately it took until well into June before an advisory could be released."