A security firm warns that an "unskilled attacker" could leverage a security flaw in
SonicWall VPN (virtual private network) appliances to run arbitrary code remotely, causing a persistent denial of service (DoS) condition. Or put more plainly, the SonicWall VPN has a serious security hole that makes it easy for even armchair hackers to wreak havoc.
That is concerning enough. What makes it even more serious is how many devices are affected. According to the researchers at Tripwire VERT, a Shodan search for the affected HTTP server banner indicated nearly 800,000 hosts (795,357, to be precise). So to sum it up, this is a serious security flaw, it is easily exploited by
hackers with very little experience, and it affects almost 800,000 SonicWall VPN appliances.
The vulnerability lies within the SonicWall operating system, including the following versions...
- SonicOS 6.5.4.7-79n and earlier
- SonicOS 6.5.1.11-4n and earlier
- SonicOS 6.0.5.3-93o and earlier
- SonicOS 6.5.4.4-44v-21-794 and earlier
- SonicOS 7.0.0.0-1
It is tracked as CVE-2020-5135 with a 9.4 rating out of 10, which falls into the "Critical" category. Outside of applying a patch, the only temporary way to mitigate the threat is to disconnect the affected VPN appliance from the Internet, which obviously is not an ideal workaround. Fortunately, however, SonicWall has issued patches, for the following versions...
-
SonicOS 6.5.4.7-83n
- SonicOS 6.5.1.12-1n
- SonicOS 6.0.5.3-94o
- SonicOS 6.5.4.v-21s-987
- Gen 7 7.0.0.0-2 and onwards
In speaking with ThreatPost, Craig Young, a computer security researcher with Tripwire, says this serves as another reminder that enterprise VPNs are not bullet proof.
"Organizations exposing VPN portals to the web should not consider these systems as impenetrable fortresses," Young said. "If the last 18 months has shown anything, it is that enterprise VPN firewalls can be just as insecure as a cheap home router. It is crucial to employ a tiered security model to recognize and respond to unauthorized activity."
If you are affected by this, it is strongly suggested that you patch your appliance sooner than later.