Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
Alerts & BugsSonicWALL
Home›Alerts & Bugs›SonicWall DoS & XSS Vulnerabilities

SonicWall DoS & XSS Vulnerabilities

By admin
19/10/2020
2272
0
Share:
SonicWall Logo

DESCRIPTION:

The SonicWall Product Security Incident Response Team (PSIRT) collaborated with a third-party research firm to test, confirm and correct discovered vulnerabilities related to physical and virtual SonicWall next-generation firewall appliances. These findings included:

  • In some cases, vulnerabilities allowed remote attackers to cause Denial of Service (DoS) attacks against a firewall, which may lead to an appliance crash.
  • In some cases, there existed a cross-site scripting (XSS) vulnerability in the firewall’s SSL-VPN portal as well as possible username enumeration of firewall administrators.

At this time, SonicWall is not aware of any of the addressed vulnerabilities being exploited or that any customer has been impacted.

SonicWall’s extensive analysis lead to the discovery of 11 unique vulnerabilities requiring Common Vulnerabilities and Exposures (CVE) listings based on the Common Vulnerability Scoring System (CVSS), which were published the week of October 12, 2020.

The PSIRT team worked to duplicate the issues and develop, test and release patches for the affected firewall products. Each SonicOS/X release indicated below is already patched and webposted, and also includes release notes for further information. SMA 100 and 1000 series products are not affected.

Any customer using an impacted firewall product will need to upgrade the firmware. A valid support contract is not required to upgrade.

 TIP: To upgrade the firmware of your SonicWall device, please refer to How Can I Upgrade SonicOS Firmware?



The following is a summary of 11 CVEs published by SonicWall PSIRT :

  • CVE-2020-5133 & CVE-2020-5135: : Allow unauthenticated/authenticated attacker to cause Denial of Service (Dos) due to buffer overflow, which leads to a firewall crash.
  • CVE-2020-5134: Out-of-bound invalid file reference condition allows remote attacker to crash the firewall.
  • CVE-2020-5136 & CVE-2020-5137: Using firewall SSL-VPN port, an unauthenticated/authenticated attacker can cause Denial of Service (DoS), which may lead to firewall crash.
  • CVE-2020-5138:  Heap overflow allows remote attacker to crash firewall using firewall SSL-VPN port.
  • CVE-2020-5139: Release of invalid pointer condition allows remote attacker to cause Denial of Service (DoS) attack against firewall.
  • CVE-2020-5140: Memory address leak in the HTTP server response; condition allows remote attacker to cause Denial of Service (DoS) attack against firewall.
  • CVE-2020-5141: Allows unauthenticated remote attacker to brute force Virtual Assist ticket ID.
  • CVE-2020-5142: Cross-site-scripting (XSS) vulnerability in the SSL-VPN portal.
  • CVE-2020-5143: Allows User Enumeration; it is possible to enumerate firewall administrator username based on the login error message displayed on the SSL-VPN login page.

Impacted Products & Upgrade Path

 NOTE: SonicWall customers using any of the impacted firewall products should log in to MySonicWall.com via their authorized credentials and download the new version as outlined in the table below. To learn how to upgrade the firmware of your SonicWall device, please refer to: How Can I Upgrade SonicOS Firmware?

FIXED VERSIONAFFECTED PLATFORMSAPPLICABLE CVES
 SonicOS 6.5.4.7-83n ·        TZ (300, 300P, 350, 400, 500, 600, 600P, 300W, 350W, 400W, 500W)·        SOHO (250, 250W)·        NSA (2600, 3600, 4600, 5600, 6600)·        NSa (2650, 3650, 4650, 5650, 6650, 9250, 9450, 9650)·        SuperMassive
(9200, 9400, 9600) 

Eight (8) Total CVEs
 ·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5143 
 SonicOS 5.9.2.7-5o ·        TZ (100, 100W, 105, 105W, 200, 200W, 205, 205W, 210, 210W, 215, 215W·        SOHO·        NSA (220, 220W, 240, 250M, 250MW, 2400, 2400MX, 3500, 4500, 5000, 5500, 6500, 7500, 8500, 8510) Seven (7) Total CVEs ·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5143  
 SonicOS 5.9.2.13-7o ·        TZ (100, 100W, 105, 105W, 200, 200W, 205, 205W, 210, 210W, 215, 215W)·        SOHO·        NSA (220, 220W, 240, 250M, 250MW, 2400, 2400MX, 3500, 4500, 5000, 5500, 6500, 7500, 8500, 8510)  Seven (7) Total CVEs ·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5143
 SonicOS 6.5.1.12-1n ·        SuperMassive (9800)·        NSsp (12400, 12800) Eleven (11) Total CVEs ·        CVE-2020-5133·        CVE-2020-5134·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5142·        CVE-2020-5143 
 SonicOS 6.0.5.3-94o ·        SuperMassive
(10200, 10400, 10800)
 Eleven (11) Total CVEs ·        CVE-2020-5133·        CVE-2020-5134·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5142·        CVE-2020-5143
 SonicOS 6.5.4.v-21s-987 ·        NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) on VMware, Hyper-V, KVM·        NSv (200, 400, 800, 1600) on AWS, AWS-PAYG, Azure  Eleven (11) Total CVEs ·        CVE-2020-5133·        CVE-2020-5134·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5142·        CVE-2020-5143
 Gen7 7.0.0.0-2 ·        TZ (570, 570P, 570W, 670)·        NSv (270, 470, 870)·        NSsp (15700) Eleven (11) Total CVEs ·        CVE-2020-5133·        CVE-2020-5134·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5142·        CVE-2020-5143 


 TIP: To upgrade the firmware of your SonicWall device, please refer to How Can I Upgrade SonicOS Firmware?

Previous Article

Local Government Secures Operations From Data Center ...

Next Article

Barracuda named a Challenger in 2020 Gartner ...

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • WatchGuard logo
    Alerts & BugsWatchGuard

    SolarWinds Hack and the FireEye Breach: Important Information

    16/12/2020
    By admin
  • Alerts & BugsTrendMicro

    Trend Micro Worry-Free Business Security Services Systems Upgrade for AWS Migration

    14/05/2020
    By admin
  • Sophos Logo
    Alerts & BugsSophos

    Sophos: Important Product Lifecycle Reminder

    03/02/2022
    By admin
  • Sophos Logo
    Alerts & BugsSophos

    Advisory: Multiple Vulnerabilities (AKA 21Nails) in Exim

    11/05/2021
    By admin
  • Alerts & BugsTrendMicro

    Removal of Trend Micro Worry-Free Business Security Services (WFBS-SVC) Security Agent Upgrade Settings for Hotfix Deployment

    04/06/2021
    By admin
  • SonicWall Logo
    Alerts & BugsSonicWALL

    Urgent Security Notice: NetExtender VPN Client 10.X, SMA 100 Series Vulnerability [Updated Jan. 23, 2021]

    25/01/2021
    By admin

  • Fortinet
    FortinetNews

    Fortinet Introduces Self-Learning Artificial Intelligence Appliance for Sub-Second Threat Detection

  • News

    Growing confidence and emerging gaps in cloud security

  • SonicWall Logo
    News

    SonicWall Launches New Partner Enabled Services Program, Accelerates Revenue Opportunities for All SecureFirst Partners While Improving Customer Service

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home