Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution.
The SonicWall NSAs are next-generation firewall appliances, with a sandbox, an intrusion prevention system, SSL/TLS decryption and inspection capabilities, network-based malware protection, and VPN capabilities.
CVE-2020-5135 was discovered by Nikita Abramov of Positive Technologies and Craig Young of Tripwire’s Vulnerability and Exposures Research Team (VERT), and has been confirmed to affect:
- SonicOS 188.8.131.52-79n and earlier
- SonicOS 184.108.40.206-4n and earlier
- SonicOS 220.127.116.11-93o and earlier
- SonicOSv 18.104.22.168-44v-21-794 and earlier
- SonicOS 22.214.171.124-1
“The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exists within the ...
Copyright of this story solely belongs to helpnetsecurity.com . To see the full text click HERE