Updated with notes from Positive Technologies and SonicWall
SonicOS, the operating system at the heart of the SonicWall range of network security devices, has been struck by a vulnerability that affects its SSL VPN login page. The vulnerability affects various versions of Sonic OS, including iterations of Gens 5, 6 and 7.
According to SonicWall’s own Security Advisory, the vulnerability allows an unauthenticated attacker to conduct firewall management administration username enumeration based on the server response.
Vulnerabilities are particularly damaging for security suppliers like SonicWall. If such an organization cannot safeguard against its own vulnerabilities, customer confidence is sure to plummet.
Nikita Abramov researcher at Positive Technologies explained: "The tested solution uses a SSL-VPN remote access service on firewalls, and users can be disconnected from internal networks and their workstations in case of a DoS attack. If attackers manage to execute arbitrary code, they may be able to develop an attack and penetrate the company's internal networks."
"This is best practice for vendor-researcher collaboration in the modern era," said SonicWall's Aria Eslambolchizadeh, Head of Quality Engineering. "These types of open and transparent relationships protect the integrity of the online landscape, and ensure better protection from advanced threats and emerging vulnerabilities before they impact end users, as was the case here."
- The best endpoint protection software available today
- Popular VPN closes critical vulnerability on Linux client
- The best cloud firewall for your business
Brute force
User enumeration vulnerabilities usually appear when a cyberattacker employs brute force to gain entry to a network or system. Often an error with the functionality of the login page provides attackers with clues that they can then use to essentially guess the correct user credentials.
In this instance, attackers are able to enumerate administrator usernames only.
SonicWall has gained a strong reputation for providing next-generation firewalls and other security solutions. One of its core products is its SSL VPN NetExtender, which allows remote users to connect and run any application on an organization’s network.
As the business world has become more mobile, remote access to sensitive company data and applications has become increasingly important. An SSL VPN aims to provide the access required without compromising on security.
The discovery of a new SSL VPN vulnerability affecting SonicOS is particularly worrying, therefore, for any organization that relies on the operating system for protection. If an attacker was able to gain administrative access to a company’s firewall management, it could potentially open the door to further malicious action later on.
Update:
SonicWall has since provided TechRadar Pro with the following statement:
"SonicWall is dedicated to protecting and securing our customers’ networks, businesses and brand. In early September, the SonicWall Product Security Incident Response Team (PSIRT) was alerted to a potential domain name collision vulnerability in our SSL-VPN technology."
"This incident was immediately investigated, and we worked diligently with our security team to mitigate the issue. The vulnerability and fix have been communicated to our customers and partners through SonicWall’s standard processes. SonicWall is not aware that the vulnerability has been exploited or that any customer has been impacted."
