Analyzing SonicWall’s Unsuccessful Fix for CVE-2020-5135

By Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team

Back in September 2020, I configured a SonicWall network security appliance to act as a VPN gateway between physical devices in my home lab and cloud resources on my Azure account. As I usually do with new devices on my network, I did some cursory security analysis of the product, and it didn’t take long before I had identified what looked like a buffer overflow in response to an unauthenticated HTTP request. I quickly reported the issue to SonicWall’s PSIRT on September 18 and received a same-day response that my report was a duplicate of another report they had received. When the advisory was ultimately published, I learned that the other report was one out of 11 from Nikita Abramov with Positive Technologies. In this post, I will discuss some aspects of the vulnerabilities I found, my interactions with SonicWall PSIRT, and some general thoughts about vulnerability handling and disclosure.

Source: Tripwire