
Critical SonicWall NAC Vulnerability Stems from Apache Mods

January 11, 2022

Researchers offer more detail on the bug, which can allow attackers to completely take over targets.

Rapid7 has released more details on a critical SonicWall flaw that allows unauthenticated remote code execution (RCE) on affected devices, noting that it arises from tweaks the vendor made to the Apache httpd server.

The bug (CVE-2021-20038) is one of five vulnerabilities discovered in its line of popular network access control (NAC) products.


In October, Rapid7 lead security researcher Jake Baines found the flaws in SonicWall’s Secure Mobile Access (SMA) 100 series of devices, which includes the SMA 200, 210, 400, 410 and 500v, he wrote in a report published Tuesday.

SonicWall’s SMA 100 line provides end-to-end secure remote access to corporate resources, whether they are hosted on-premise, in the cloud or in hybrid data centers. The suite also provides policy-enforced access control for business users to applications after establishing user and device identity and trust.

CVE-2021-20038 is the most critical of the flaws, with a rating of 9.8 on the Common Vulnerability Scoring System (CVSS). It’s a stack buffer overflow vulnerability that an attacker can exploit to gain complete control of a device or virtual machine that is running SonicWall’s NAC solution.

The flaw allows attackers to overwrite several pieces of security-critical data on an execution stack, which can lead to arbitrary code execution, according to its advisory listing on the Common Weakness Enumeration site.

“The most prominent is the saved return address, the memory address at which execution should continue once the current function is finished executing,” according to the advisory. “The attacker can overwrite this value with some memory address to which the attacker also has write access, into which they place arbitrary code to be run with the full privileges of the vulnerable program.”

Exploiting the Critical Vulnerability

The stack-based buffer overflow flaw discovered by Baines affects SonicWall SMA 100 series version 10.2.1.1-19sv and is by far the most dangerous for affected devices, and therefore the most useful for attackers, he wrote.

By exploiting the issue, attackers “can get complete control of the device or virtual machine” that is running the appliance, according to the report.

“This can allow attackers to install malware to intercept authentication material from authorized users, or reach back into the networks protected by these devices for further attack,” Baines wrote.

This week, Baines revealed that the problem in the device lies in its web server, which is “a slightly modified version of the Apache httpd server,” he explained in the report, shared with Threatpost ahead of publication.

One of the notable modifications is in the mod_cgi module (/lib/mod_cgi.so) and, specifically, a custom version of the cgi_make_command function that appends all the environment variables onto a single stack-based buffer using strcat, Baines wrote.

“There is no bounds checking on this environment string buildup, so if a malicious attacker were to generate an overly long QUERY_STRING then they can overflow the stack-based buffer,” he explained. This results in a crash that compromises the device, Baines wrote.

“Technically, the … crash is due to an invalid read, but you can see the stack has been successfully overwritten,” he wrote. “A functional exploit should be able to return to an attacker’s desired address.”
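To make the pattern described above concrete, here is an added example (constructed for this article, not SonicWall’s or Rapid7’s code): a small model of an environment-string builder that appends "NAME=value" entries to a fixed stack buffer with strcat and no length check, beside a bounded rewrite that refuses input which would not fit. The buffer size, function names and the sample environment entries are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#define ENV_BUF_SIZE 256  /* illustrative size; the report does not give the real one */

/* Constructed model of the pattern the report describes (not SonicWall's code):
 * each "NAME=value" is strcat'd onto one fixed stack buffer with no length check. */
static size_t build_env_unchecked(const char *const *env, size_t n) {
    char buf[ENV_BUF_SIZE];
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        strcat(buf, env[i]);   /* accumulated length is never compared to the size */
        strcat(buf, " ");
    }
    return strlen(buf);
}

/* Hardened form: caller supplies buffer and capacity, each append is checked
 * against the remaining space, and input that would not fit is refused (-1). */
static int build_env_checked(const char *const *env, size_t n, char *buf, size_t cap) {
    size_t used = 0;
    if (cap == 0) return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(env[i]);
        if (len + 1 > cap - 1 - used) return -1;  /* value + ' ' + NUL must fit */
        memcpy(buf + used, env[i], len);
        used += len;
        buf[used++] = ' ';
        buf[used] = '\0';
    }
    return (int)used;
}

/* 1 if a QUERY_STRING longer than the buffer is refused by the checked builder
 * (the unchecked builder would have written past the end of its stack buffer). */
static int oversized_query_is_rejected(void) {
    char query[ENV_BUF_SIZE + 64] = "QUERY_STRING=";   /* constructed input */
    memset(query + 13, 'A', sizeof query - 14);
    query[sizeof query - 1] = '\0';
    const char *env[] = { "REQUEST_METHOD=GET", query };
    char out[ENV_BUF_SIZE];
    return build_env_checked(env, 2, out, sizeof out) == -1;
}

int main(void) {
    const char *env[] = { "REQUEST_METHOD=GET", "QUERY_STRING=a=1" };
    char out[ENV_BUF_SIZE];
    printf("checked=%d unchecked=%zu oversized rejected=%d\n",
           build_env_checked(env, 2, out, sizeof out), build_env_unchecked(env, 2),
           oversized_query_is_rejected());
    return 0;
}
```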

Since edge-based NAC devices “are particularly attractive targets for attackers,” Baines said it is important that organizations whose networks use SonicWall’s SMA 100 series devices in any form apply SonicWall’s update as quickly as possible to fix the issues.

Reported & Fixed: Patch Now

The other flaws discovered by Baines were rated with CVSS severity in the range of 6.5 to 7.5. They include an “improper neutralization of special elements used in an OS command,” or OS command injection flaw, with a rating of 7.2 (CVE-2021-20039); a relative path traversal vulnerability with a rating of 6.5 (CVE-2021-20040); a loop with unreachable exit condition, or infinite loop flaw, with a rating of 7.5 (CVE-2021-20041); and an unintended proxy or intermediary, also known as a “confused deputy” vulnerability, with a rating of 6.5 (CVE-2021-20042).

In his analysis, Baines tested the SMA 500v firmware versions 9…11-31sv and 10.2.1.1-19sv, finding that CVE-2021-20038 and CVE-2021-20040 affect only devices running version 10.2.x, while the remaining issues affect both firmware versions.

Baines reported the flaws to SonicWall and worked with the vendor to remediate the vulnerabilities over a period of about two months. On Dec. 7, SonicWall released a security advisory and updates fixing the issues Baines had identified.

His report details each flaw and its impact and was published according to Rapid7’s vulnerability disclosure policy.



Some parts of this article are sourced from:
threatpost.com
