Sonicwall SonicOS: Network attackers can cripple the firewall

The vulnerabilities in the SonicOS operating system for SonicWall firewalls allow an attacker from the network to cripple the firewall through a denial-of-service attack. It also allows testing of multi-factor authentication codes. The manufacturer provides updates and workarounds to reduce vulnerabilities.

Sonicwall: Two of the weak points in firewalls

The first vulnerability received a high degree of risk. According to the Sonicwall Security Consulting It is a stack-based buffer overrun that can be used by unauthorized attackers to trigger a denial of service. Then the affected firewall crashes. Sonicwall doesn’t explain exactly what the attack looks like, whether it requires tampered network packets or carefully crafted requests to the web interface (CVE-2023-0656, CVSS 7.5risk”high“).

For the second vulnerability, SonicOS SSLVPN allows attackers with valid credentials to overtest multifactor authentication codes. The deceleration limit is insufficient. Provides more details about the gap Sonicwall in the security notice Not (CVE-2023-1101, CVSS 4.3And middle).

Updates are available from Sonicwall for affected devices for the TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6770, NSv 0NS 100, NS 03 100 470 and NSv 870 – SonicOS 7.0.1-5111 and bug fixes. To obtain the Sonicwall NSsp 15700 hotfix, IT managers should contact Sonicwall Support. Updates for the affected models NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800 and NSv 1600 are still pending. Anyone who cannot yet apply a DoS update should restrict access to the SonicOS management interface to trustworthy sources in the form of IP addresses.

The MFA vulnerability also affects SOHOW, SOHO 250, SOHO 250W, TZ300, TZ300P, TZ300W, TZ350, TZ350W, TZ400, TZ400W, TZ500, TZ500W, TZ600, TZ600P, NSA 2600, NSA3600, SM NSA4204600 and SM180204600 and SM180204600 devices. , SM10400, SM10800, NSsp12400, NSsp12800, NSa 2650, NSa3650, NSa4650, NSa5650, NSa6650, NSa9250, NSa9450, NSa9650. Sonicwall does not provide updated software for this, and the manufacturer cannot provide a (temporary) countermeasure against the vulnerability. However, Sonicwall states that these devices are not affected by the DoS vulnerability.

(DMK)