- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
- Access Security
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Network Security ManagerModern Security Management for today’s security landscape
- Access Security
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
SonicWall DoS & XSS Vulnerabilities
10/22/2020
DESCRIPTION:
The SonicWall Product Security Incident Response Team (PSIRT) collaborated with a third-party research firm to test, confirm and correct discovered vulnerabilities related to physical and virtual SonicWall next-generation firewall appliances. These findings included:
- In some cases, vulnerabilities allowed remote attackers to cause Denial of Service (DoS) attacks against a firewall, which may lead to an appliance crash.
- In some cases, there existed a cross-site scripting (XSS) vulnerability in the firewall's SSL-VPN portal as well as possible username enumeration of firewall administrators.
At this time, SonicWall is not aware of any of the addressed vulnerabilities being exploited or that any customer has been impacted.
SonicWall’s extensive analysis lead to the discovery of 11 unique vulnerabilities requiring Common Vulnerabilities and Exposures (CVE) listings based on the Common Vulnerability Scoring System (CVSS), which were published the week of October 12, 2020.
The PSIRT team worked to duplicate the issues and develop, test and release patches for the affected firewall products. Each SonicOS/X release indicated below is already patched and webposted, and also includes release notes for further information. SMA 100 and 1000 series products are not affected.
Any customer using an impacted firewall product will need to upgrade the firmware. A valid support contract is not required to upgrade.
TIP: To upgrade the firmware of your SonicWall device, please refer to How Can I Upgrade SonicOS Firmware?
The following is a summary of 11 CVEs published by SonicWall PSIRT :
- CVE-2020-5133 & CVE-2020-5135: : Allow unauthenticated/authenticated attacker to cause Denial of Service (Dos) due to buffer overflow, which leads to a firewall crash.
- CVE-2020-5134: Out-of-bound invalid file reference condition allows remote attacker to crash the firewall.
- CVE-2020-5136 & CVE-2020-5137: Using firewall SSL-VPN port, an unauthenticated/authenticated attacker can cause Denial of Service (DoS), which may lead to firewall crash.
- CVE-2020-5138: Heap overflow allows remote attacker to crash firewall using firewall SSL-VPN port.
- CVE-2020-5139: Release of invalid pointer condition allows remote attacker to cause Denial of Service (DoS) attack against firewall.
- CVE-2020-5140: Memory address leak in the HTTP server response; condition allows remote attacker to cause Denial of Service (DoS) attack against firewall.
- CVE-2020-5141: Allows unauthenticated remote attacker to brute force Virtual Assist ticket ID.
- CVE-2020-5142: Cross-site-scripting (XSS) vulnerability in the SSL-VPN portal.
- CVE-2020-5143: Allows User Enumeration; it is possible to enumerate firewall administrator username based on the login error message displayed on the SSL-VPN login page.
Impacted Products & Upgrade Path
NOTE: SonicWall customers using any of the impacted firewall products should log in to MySonicWall.com via their authorized credentials and download the new version as outlined in the table below. To learn how to upgrade the firmware of your SonicWall device, please refer to: How Can I Upgrade SonicOS Firmware?
FIXED VERSION | AFFECTED PLATFORMS | APPLICABLE CVES |
SonicOS 6.5.4.7-83n |
· TZ (300, 300P, 350, 400, 500, 600, 600P, 300W, 350W, 400W, 500W) · SOHO (250, 250W) · NSA (2600, 3600, 4600, 5600, 6600) · NSa (2650, 3650, 4650, 5650, 6650, 9250, 9450, 9650) · SuperMassive
|
· CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5143
|
SonicOS 5.9.2.7-5o |
· TZ (100, 100W, 105, 105W, 200, 200W, 205, 205W, 210, 210W, 215, 215W · SOHO · NSA (220, 220W, 240, 250M, 250MW, 2400, 2400MX, 3500, 4500, 5000, 5500, 6500, 7500, 8500, 8510) |
Seven (7) Total CVEs
· CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5143
|
SonicOS 5.9.2.13-7o |
· TZ (100, 100W, 105, 105W, 200, 200W, 205, 205W, 210, 210W, 215, 215W) · SOHO · NSA (220, 220W, 240, 250M, 250MW, 2400, 2400MX, 3500, 4500, 5000, 5500, 6500, 7500, 8500, 8510)
|
Seven (7) Total CVEs
· CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5143 |
SonicOS 6.5.1.12-1n |
· SuperMassive (9800) · NSsp (12400, 12800) |
Eleven (11) Total CVEs
· CVE-2020-5133 · CVE-2020-5134 · CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5142 · CVE-2020-5143
|
SonicOS 6.0.5.3-94o |
· SuperMassive |
Eleven (11) Total CVEs
· CVE-2020-5133 · CVE-2020-5134 · CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5142 · CVE-2020-5143 |
SonicOS 6.5.4.v-21s-987 |
· NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) on VMware, Hyper-V, KVM · NSv (200, 400, 800, 1600) on AWS, AWS-PAYG, Azure
|
Eleven (11) Total CVEs
· CVE-2020-5133 · CVE-2020-5134 · CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5142 · CVE-2020-5143 |
Gen7 7.0.0-Rxxx (pre-production beta units only; not commercially available) |
· TZ (570, 570P, 570W, 670) · NSv (270, 470, 870) · NSsp (15700) |
Eleven (11) Total CVEs
· CVE-2020-5133 · CVE-2020-5134 · CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5142 · CVE-2020-5143
|
TIP: To upgrade the firmware of your SonicWall device, please refer to How Can I Upgrade SonicOS Firmware?