A new flaw found by the Tripwire VERT security team impacts SonicOS, the operating system of the SonicWall Network Security Appliance. The bug is in a SonicOS component that handles custom protocols. The component is exposed on the public internet, allowing attackers to exploit it and achieve remote code execution.
795,357 SonicWall VPNs vulnerable
The flaw is tracked as CVE-2020-5135, and Tripwire VERT security researcher Craig Young stated that the company identified almost 800,000 SonicWall VPNs online. The bug had a rating of 9.4 out of 10, and the SonicWall team patched it shortly after the security firm reported it to the company. The company also stated that it is not aware of any exploit or of any customer having been affected by the bug.
The following versions include a fix for the bug:
- SonicOS 126.96.36.199-83n
- SonicOS 188.8.131.52-1n
- SonicOS 184.108.40.206-94o
- SonicOS 6.5.4.v-21s-987
- Gen 7 220.127.116.11-2 and onwards