SonicWall Buffer Overflow Vulnerability (SNWLID-2021-0006, CVE-2021-20019)

Tracked as CVE-2021-20019, a vulnerability was observed in SonicOS where the HTTP server response leaks partial memory by sending a crafted unauthenticated HTTP request. This can potentially lead to an internal sensitive data disclosure vulnerability. The shortcoming was rectified in an update rolled out to SonicOS on June 22. However, there is no evidence that … Continue reading “SonicWall Buffer Overflow Vulnerability (SNWLID-2021-0006, CVE-2021-20019)”

SonicWall SMA 100 Series 10.X Zero-Day Vulnerability

SonicWall is one of the latest IT security vendors, after Microsoft, FireEye, and Malwarebytes, to confirm a breach in recent weeks. All vendors disclosed cyberattacks related to the massive SolarWinds attack campaign targeting major US government agencies and businesses. SonicWall has issued a security advisory addressing a patch for the zero-day vulnerability used in attacks … Continue reading “SonicWall SMA 100 Series 10.X Zero-Day Vulnerability”

SonicWall VPN Portal Buffer Overflow Vulnerability (CVE-2020-5135)

Overview  On 14th October 2020, Tripwire VERT has published the finding of a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). An unauthenticated HTTP request via a custom protocol handler can exploit this vulnerability. Security researcher Craig Young reported this vulnerability.  Description  A persistent Denial of Service (DoS) condition and potentially arbitrary code execution is possible by sending a crafted HTTP request to the SonicOS firewall. The vulnerability can be exploited without authentication and insecure SSLVPN that is exposed … Continue reading “SonicWall VPN Portal Buffer Overflow Vulnerability (CVE-2020-5135)”