Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a crash or potentially read sensitive information from the memory locations.
SonicWall Switches running certain versions of impacted firmware may contain a vulnerability that could be leveraged for an OOB (Out-Of-Bounds) read by sending a specially crafted LLDP packet.
Out-of-bounds Read allow attackers to cause a SonicWall switch crash or potentially read sensitive information from other memory locations. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NULL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. A subsequent read operation then produces unspecified or unexpected results.
SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public, and malicious use of this vulnerability have not been reported to SonicWall.
In the table below, find the impacted SonicWall Switch model. If you are utilizing an in-scope model impacted by this vulnerability, download the fixed firmware version from MySonicWall, and update the SonicWall Switch.
NOTE: SonicWall Switch build 18.104.22.168-11s is also available on firewall integrated switches and Wireless Network Manager (WNM) integrated switches for upgrade.