Out-Of-Bound Read Vulnerability

First Published:07/07/2021 Last Updated:07/08/2021

Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a crash or potentially read sensitive information from the memory locations.


Overview

SonicWall Switches running certain versions of impacted firmware may contain a vulnerability that could be leveraged for an OOB (Out-Of-Bounds) read by sending a specially crafted LLDP packet.


Impact

Out-of-bounds Read allow attackers to cause a SonicWall switch crash or potentially read sensitive information from other memory locations. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NULL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. A subsequent read operation then produces unspecified or unexpected results.


Affected Software
ProductModelsAffected Version
SonicWall SwitchSWS14-48FPOE, SWS14-48, SWS14-24FPOE, SWS14-24, SWS12-10FPOE, SWS12-8POE, SWS12-81.0.0.5-16 and earlier


Threats

SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public, and malicious use of this vulnerability have not been reported to SonicWall.


Resolution

In the table below, find the impacted SonicWall Switch model.  If you are utilizing an in-scope model impacted by this vulnerability, download the fixed firmware version from MySonicWall, and update the SonicWall Switch.


NOTE: SonicWall Switch build 1.1.0.0-11s is also available on firewall integrated switches and Wireless Network Manager (WNM) integrated switches for upgrade.

Fixed Software
ProductModelsFixed Version
SonicWall SwitchSWS14-48FPOE, SWS14-48, SWS14-24FPOE, SWS14-24, SWS12-10FPOE, SWS12-8POE, SWS12-81.1.0.0-11s and higher

Trace:0981bd95f32945e4467f8723afb65d56-68