A critical flaw that can be abused for denial-of-service (DoS) attacks, and potentially for arbitrary code execution, can affect a large number of SonicWall firewalls.
The flaw, tracked as CVE-2020-5135, affects different variants of SonicOS, the operating system that powers SonicWall firewalls. The vendor credited researchers at Tripwire and Optimistic Technology with discovering the vulnerability.
In a blog post, Tripwire explained that the flaw lies in the HTTP/HTTPS service used for system management and VPN access. An unauthenticated attacker can exploit it by sending specially crafted HTTP requests with a custom protocol handler.
While the security hole can undoubtedly be abused for DoS attacks, Tripwire says it is “likely feasible” to execute arbitrary code because the organisation has “proven the potential to redirect execution flow by stack corruption.”
As an attacker can exploit it to cause a targeted firewall to reset, including for DoS attacks, the vulnerability can pose ...
Copyright of this story solely belongs to cybersguards.com.