SonicWall Bug That Affected 800K Firewalls Was Only Partially Fixed

New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which was initially thought to have been patched.

In October last year, a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135, was discovered affecting over 800,000 SonicWall VPNs.

When exploited, the vulnerability allows unauthenticated remote attackers to execute arbitrary code on the impacted devices, or cause Denial of Service (DoS).

Turns out, the vulnerability was not properly patched—until now.

As such, a new vulnerability identifier, CVE-2021-20019, has been assigned to the flaw.

SonicWall bug in 800K VPN firewalls was only partially fixed

In October last year, BleepingComputer reported on a critical stack-based Buffer Overflow vulnerability in SonicWall VPN firewalls.

The vulnerability, tracked as CVE-2020-5135, was present in versions of SonicOS run by over 800,000 active SonicWall devices.

Craig Young of Tripwire Vulnerability and Exposure Research Team (VERT), and Nikita Abramov of Positive Technologies were initially credited with discovering and reporting the vulnerability.

But, now, Tripwire has reached out to BleepingComputer, claiming the previously made fix for the flaw was “unsuccessful.”

The critical buffer overflow vulnerability lets an attacker send a malicious HTTP request to the firewall to cause a Denial of Service (DoS) or execute arbitrary code.

After a series of emails between Tripwire researcher Young and SonicWall, the vulnerability was eventually treated as a problem and patched.

But later on, the researcher retested his proof-of-concept (PoC) exploit against SonicWall instances and concluded that the fix was “botched.”

“I decided to spin up a SonicWall instance on Azure to confirm how it responded to my proof-of-concept exploit.”

“In the past, when researching network appliances, I have observed differences in vulnerable behavior between virtual and physical systems.”

“In some past research, I have observed differences in vulnerable behavior related to hardware-based acceleration utilizing a separate code path,” says Young in a blog post.

The Tripwire researcher was surprised to notice, however, that in this case, his PoC exploit didn’t trigger a system crash—but a flood of binary data in the HTTP response instead:

[Figure: memory dump analyzed by Tripwire, with the HTTP response returning the binary response (bottom right). Source: Tripwire]

This is when Young reached out to SonicWall again for a remedy.

Young states that the binary data returned in the HTTP responses could be memory addresses.

“Although I never observed recognizable text in the leaked memory, I believe this output could vary based on how the target system is used.”

“I also suspect that the values in my output are in fact memory addresses which could be a useful information leak for exploiting an RCE bug,” said the researcher.

After reporting this to SonicWall on October 6th, 2020, the researcher sent a few more follow-ups, including two in March 2021.

Eventually, according to Young, SonicWall’s PSIRT stated:

“This [vulnerability has] been assigned CVE-2021-20019 and a patch would be released in [early 2021.]”

BleepingComputer reached out to SonicWall for a comment and we were told:

“SonicWall is active in collaborating with third-party researchers, security vendors and forensic analysis firms to ensure its products meet or exceed expected security standards.”

“Through the course of this practice, SonicWall was made aware of, verified, tested and patched a non-critical buffer overflow vulnerability that impacted versions of SonicOS.”

“SonicWall is not aware of this vulnerability being exploited in the wild. As always, SonicWall strongly encourages organizations maintain patch diligence for all security products,” a SonicWall spokesperson told BleepingComputer.

SonicWall has released advisories [1, 2] related to this vulnerability today, with further information on the fixed versions.

Although most versions have a patch available, platforms including NSsp 12K, SuperMassive 10k, and SuperMassive 9800 are awaiting a patch release.

As such, SonicWall customers are advised to monitor the advisory pages for updates.
