CATEGORIES
home News

Security Flaw In 800,000 SonicWall VPNs Can Be Exploited By Unskilled Hackers, Patch Now

by Paul LillyFriday, October 16, 2020, 11:34 AM EDT
VPN
A security firm warns that an "unskilled attacker" could leverage a security flaw in SonicWall VPN (virtual private network) appliances to run arbitrary code remotely, causing a persistent denial of service (DoS) condition. Or put more plainly, the SonicWall VPN has a serious security hole that makes it easy for even armchair hackers to wreak havoc.

That is concerning enough. What makes it even more serious is how many devices are affected. According to the researchers at Tripwire VERT, a Shodan search for the affected HTTP server banner indicated nearly 800,000 hosts (795,357, to be precise). So to sum it up, this is a serious security flaw, it is easily exploited by hackers with very little experience, and it affects almost 800,000 SonicWall VPN appliances.

The vulnerability lies within the SonicWall operating system, including the following versions...
  • SonicOS 6.5.4.7-79n and earlier
  • SonicOS 6.5.1.11-4n and earlier
  • SonicOS 6.0.5.3-93o and earlier
  • SonicOS 6.5.4.4-44v-21-794 and earlier
  • SonicOS 7.0.0.0-1
It is tracked as CVE-2020-5135 with a 9.4 rating out of 10, which falls into the "Critical" category. Outside of applying a patch, the only temporary way to mitigate the threat is to disconnect the affected VPN appliance from the Internet, which obviously is not an ideal workaround. Fortunately, however, SonicWall has issued patches, for the following versions...
  • SonicOS 6.5.4.7-83n
  • SonicOS 6.5.1.12-1n
  • SonicOS 6.0.5.3-94o
  • SonicOS 6.5.4.v-21s-987
  • Gen 7 7.0.0.0-2 and onwards
In speaking with ThreatPost, Craig Young, a computer security researcher with Tripwire, says this serves as another reminder that enterprise VPNs are not bullet proof.

"Organizations exposing VPN portals to the web should not consider these systems as impenetrable fortresses," Young said. "If the last 18 months has shown anything, it is that enterprise VPN firewalls can be just as insecure as a cheap home router. It is crucial to employ a tiered security model to recognize and respond to unauthorized activity."

If you are affected by this, it is strongly suggested that you patch your appliance sooner than later.
Tags:  security, SonicWALL, VPN
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment