Dell Technologies published new Critical Security Advisories to its SonicWall Vulnerability List, adding two critical issues impacting the Spring Framework of the SonicWall firewall. There is no workaround available at this time.
Since the Dell SonicWall firewall is widely deployed, particularly with SMBs, powersolution is reiterating this vulnerability. Organizations who have or plan to deploy this firewall should be aware of its vulnerability and follow the SonicWall advisory preventative measures.
What you need to know about SonicWall Vulnerabilities:
- A buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS).
- Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
- When using routing functionality it is possible for a user to execute arbitrary code outside the scope of a program’s implicit security policy.
- Execution of unauthorized code may provide access to your local resources to malicious actors and can be used to corrupt any other security service.
- Remote code execution vulnerability (via data binding) being more general in its nature may be susceptible to other ways to exploit it.
How to Reduce the SonicWall Vulnerability Risk
Small businesses that have implemented enhanced multi-layered Cloud-based protections would significantly reduce the risks of being impacted by this type of firewall appliance vulnerability.
Our Next-Generation Cloud-Based Firewall, an integral part of Secure Global Network (SGN), protects both in-office and remote workers from any Internet location. SGN uses advanced traffic filtering, interacting seamlessly with approximately a dozen other multi-layered IT security functions.
It is an ideal security solution for any SMB or organization.
The SonicWall Product Security Incident Response Team (PSIRT) strongly recommends that administrators limit SonicOS management access to trusted sources by modifying the existing SonicOS Management access rules.
Unauthenticated Stack-Based Buffer Overflow SonicOS Vulnerability and Spring Remote Code Execution Vulnerability are both very critical, both rated over 9 out of 10 on level of impact.
If you have questions regarding the Dell SonicWall firewall or other IT/Network Security issues, please, let us know.