Multiple out-of-bounds read vulnerabilities in SonicWall Switch when handling the LLDP protocol allow an attacker to cause a crash or potentially read sensitive information from memory locations.
Overview
SonicWall Switches running certain versions of impacted firmware may contain a vulnerability that could be leveraged for an OOB (Out-Of-Bounds) read by sending a specially crafted LLDP packet.
Impact
An out-of-bounds read allows attackers to crash a SonicWall switch or potentially read sensitive information from other memory locations. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NULL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. A subsequent read operation then produces unspecified or unexpected results.
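The bounds check that prevents this class of read, shown as an added example for a generic LLDP TLV walker; it is not SonicWall code. The function name and sample byte strings are hypothetical and constructed here, and the TLV header layout (7-bit type, 9-bit length) follows IEEE 802.1AB.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LLDP_TLV_END      0  /* End of LLDPDU */
#define LLDP_TLV_SYS_NAME 5  /* System Name */

/* Constructed sample: Chassis ID, Port ID, TTL, System Name "sw01", End. */
static const uint8_t sample_ok[] = {
    0x02, 0x07, 0x04, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x04, 0x02, 0x07, 0x31,  0x06, 0x02, 0x00, 0x78,
    0x0a, 0x04, 's', 'w', '0', '1',  0x00, 0x00 };
/* Constructed: System Name TLV declares 200 bytes, only 4 are present. */
static const uint8_t sample_short[] = { 0x0a, 0xc8, 's', 'w', '0', '1' };

/* Copy the System Name TLV of an LLDPDU into out as a C string.
 * Returns its length, -1 if malformed, -2 if no System Name is present. */
int lldp_get_sys_name(const uint8_t *pdu, size_t pdu_len,
                      char *out, size_t out_size)
{
    size_t off = 0;

    if (pdu == NULL || out == NULL || out_size == 0)
        return -1;
    while (pdu_len - off >= 2) {
        /* TLV header: 7-bit type, then 9-bit length, big-endian. */
        unsigned type = pdu[off] >> 1;
        size_t len = ((size_t)(pdu[off] & 0x01) << 8) | pdu[off + 1];
        off += 2;
        /* The declared length must fit in the bytes actually received. */
        if (len > pdu_len - off)
            return -1;
        if (type == LLDP_TLV_END)
            return -2;
        if (type == LLDP_TLV_SYS_NAME) {
            /* Copy by checked length and terminate explicitly; packet
             * bytes carry no NUL, so strlen/strcpy would run past them. */
            size_t n = len < out_size - 1 ? len : out_size - 1;
            memcpy(out, pdu + off, n);
            out[n] = '\0';
            return (int)n;
        }
        off += len;
    }
    return off == pdu_len ? -2 : -1;  /* one stray byte: cut-off header */
}

int main(void)
{
    char name[32];
    return lldp_get_sys_name(sample_ok, sizeof sample_ok,
                             name, sizeof name) == 4 ? 0 : 1;
}
```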
Affected Software
Product | Models | Affected Version |
SonicWall Switch | SWS14-48FPOE, SWS14-48, SWS14-24FPOE, SWS14-24, SWS12-10FPOE, SWS12-8POE, SWS12-8 | 1.0.0.5-16 and earlier |
Threats
SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public, and malicious use of this vulnerability has not been reported to SonicWall.
Resolution
In the table below, find the impacted SonicWall Switch model. If you are utilizing an in-scope model impacted by this vulnerability, download the fixed firmware version from MySonicWall, and update the SonicWall Switch.
NOTE: SonicWall Switch build 1.1.0.0-11s is also available on firewall integrated switches and Wireless Network Manager (WNM) integrated switches for upgrade.
Fixed Software
Product | Models | Fixed Version |
SonicWall Switch | SWS14-48FPOE, SWS14-48, SWS14-24FPOE, SWS14-24, SWS12-10FPOE, SWS12-8POE, SWS12-8 | 1.1.0.0-11s and higher |