#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Sonicwall | Breaking Cybersecurity News | The Hacker News

Category — Sonicwall
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

Sep 06, 2024 Network Security / Threat Detection
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash," SonicWall said in an updated advisory. With the latest development, the company has revealed that CVE-2024-40766 also impacts the firewall's SSLVPN feature. The issue has been addressed in the below versions - SOHO (Gen 5 Firewalls) - 5.9.2.14-13o Gen 6 Firewalls - 6.5.2.8-2n (for SM9800, NSsp 12400, and NSsp 12800) and 6.5.4.15.116n (for other Gen 6 Firewall appliances) The network security vendor has since updated the bulletin to reflect the p
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

Jan 16, 2024 Vulnerability / Network Security
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern," Jon Williams, a senior security engineer at Bishop Fox,  said  in a technical analysis shared with The Hacker News. The vulnerabilities in question are listed below - CVE-2022-22274  (CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall. CVE-2023-0656  (CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash. While there are no reports of exploitation of the flaws
cyber security

Online Master's in Applied Intelligence

websiteGeorgetown UniversityCyber Security
More than 90% of respondents expressed concern over their team and tooling's ability to detect identity-based attacks. Learn about critical gaps in security programs and what environments pose the most risk to security teams. Download the Report.
Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Dec 27, 2023 Zero-Day / Vulnerability
A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as  CVE-2023-51467 , resides in the login functionality and is the result of an incomplete patch for another critical vulnerability ( CVE-2023-49070 , CVSS score: 9.8) that was released earlier this month. "The  security measures  taken to patch CVE-2023-49070 left the root issue intact and therefore the authentication bypass was still present," the SonicWall Capture Labs threat research team, which discovered the bug,  said  in a statement shared with The Hacker News. CVE-2023-49070 refers to a pre-authenticated remote code execution flaw impacting versions prior to 18.12.10 that, when successfully exploited, could allow threat actors to gain full control over the server and siphon sensitive data. It is caused due to a deprecated XML-RPC component within Apache
cyber security

Permiso Security's 2024 State of Identity Security Report

websitePermisoThreat Detection / Identity Security
More than 90% of respondents expressed concern over their team and tooling's ability to detect identity-based attacks. Learn about critical gaps in security programs and what environments pose the most risk to security teams. Download the Report.
New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products

New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products

Jul 13, 2023 Network Security / Vulnerability
SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information. Of the 15 shortcomings (tracked from CVE-2023-34123 through CVE-2023-34137), four are rated Critical, four are rated High, and seven are rated Medium in severity. The vulnerabilities were disclosed by NCC Group. The flaws impact on-premise versions of GMS 9.3.2-SP1 and before and Analytics 2.5.0.4-R7 and before. Fixes are available in versions GMS 9.3.3 and Analytics 2.5.2. "The suite of vulnerabilities allows an attacker to view data that they are not normally able to retrieve," SonicWall  said . "This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or dele
China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

Mar 10, 2023 Network Security / Cyber Threat
A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall  Secure Mobile Access (SMA) 100 appliances  to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades," cybersecurity company Mandiant  said  in a technical report published this week. The Google-owned incident response and threat intelligence firm is tracking the activity under its uncategorized moniker  UNC4540 . The malware – a collection of bash scripts and a single ELF binary identified as a TinyShell backdoor – is engineered to grant the attacker privileged access to SonicWall devices. The overall objective behind the custom toolset appears to be credential theft, with the malware permitting the adversary to siphon cryptographically hashed credentials from all logged-in users. It further provides shell access to the compromised device. Mandiant also called out th
SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

Jul 22, 2022
Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as  CVE-2022-22280 , is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special elements" used in an SQL command that could lead to an unauthenticated SQL injection. "Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data," MITRE  notes  in its description of SQL injection. "This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands." H4lo and Catalpa of DBappSecurity HAT Lab have been credited with discov
SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

May 14, 2022
SonicWall has published an  advisory  warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below - CVE-2022-22282  (CVSS score: 8.2) - Unauthenticated Access Control Bypass CVE-2022-1702  (CVSS score: 6.1) - URL redirection to an untrusted site (open redirection) CVE-2022-1701  (CVSS score: 5.7) - Use of a shared and hard-coded cryptographic key Successful exploitation of the aforementioned bugs could allow an attacker to unauthorized access to internal resources and even redirect potential victims to malicious websites. Tom Wyatt of the Mimecast Offensive Security Team has been credited with discovering and reporting the vulnerabilities. SonicWall noted that the flaws do not affect SMA 1000 series running versions earlier than 12.4.0, SM
Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances

Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances

Mar 30, 2022
SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as  CVE-2022-22274  (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that could be triggered by sending a specially crafted HTTP request, leading to remote code execution or DoS. The flaw impacts 31 different SonicWall Firewall devices running versions 7.0.1-5050 and earlier, 7.0.1-R579 and earlier, and 6.5.4.4-44v-21-1452 and earlier. ZiTong Wang of Hatlab has been credited with reporting the issue. The network security company  said  it's not aware of any instance of active exploitation in the wild leveraging the weakness, and that no proof-of-concept (PoC) or malicious use of the vulnerability has been publicly reported to date. That said, users of the a
SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws

SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws

Dec 09, 2021
Network security vendor SonicWall is  urging  customers to update their SMA 100 series appliances to the latest version following the discovery of multiple security vulnerabilities that could be abused by a remote attacker to take complete control of an affected system. The flaws impact SMA 200, 210, 400, 410, and 500v products running versions 9.0.0.11-31sv and earlier, 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier. The San Jose-based company credited security researchers Jake Baines (Rapid7) and Richard Warren (NCC Group) for discovering and reporting the shortcomings. The list of  eight security vulnerabilities  identified in its remote access products is as follows - CVE-2021-20038  (CVSS score: 9.8) - SMA100 Series unauthenticated stack-based buffer overflow vulnerability CVE-2021-20039  (CVSS score: 7.2) - SMA 100 Series authenticated command injection vulnerability as root CVE-2021-20040  (CVSS score: 6.5) - SMA 100 Series unauthenticated file upload path trave
SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

Sep 25, 2021
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as  CVE-2021-20034 , the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an adversary to bypass path traversal checks and delete any file, causing the devices to reboot to factory default settings. "The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as 'nobody,'" the San Jose-based firm  noted  in an advisory published Thursday. "There is no evidence that this vulnerability is being exploited in the wild." SonicWall credited Wenxu Yin of Alpha Lab, Qihoo 360, with reporting the security shortcoming, which impacts SMA 100 Series — SMA 200, SMA 210,
Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances

Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances

Jul 15, 2021
Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. The warning comes more than a month after reports emerged that remote access vulnerabilities in SonicWall SRA 4600 VPN appliances ( CVE-2019-7481 ) are being exploited as an initial access vector for ransomware attacks to breach corporate networks worldwide. "SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials," the company  said . "The exploitation targets a known vulnerability that has been patched in newer versions of firmware." SMA 1000 series products are not affected by the flaw, SonicWall noted, urging businesse
SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks

Jun 23, 2021
A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been now found to be "botched," with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified in an update rolled out to SonicOS on June 22.  Tracked as  CVE-2021-20019  (CVSS score: 5.3), the vulnerability is the consequence of a memory leak when sending a specially-crafted unauthenticated HTTP request, culminating in information disclosure. It's worth noting that SonicWall's decision to hold back the patch comes amid  multiple   zero-day   disclosures  affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS. Howevere, there is no evidence that the flaw is being exploited in the wild. Memory Dump PoC "SonicWal
3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

Apr 21, 2021
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the  flaws  were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on an internet-accessible system within a customer's environment that had SonicWall's ES application running on a Windows Server 2012 installation. A third flaw (CVE-2021-20023) identified by FireEye was disclosed to SonicWall on April 6, 2021. FireEye is tracking the malicious activity under the moniker UNC2682. "These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device," researchers Josh Fleischer, Chris DiGiamo, and Alex Pennino  said . The adversary leveraged these vulnerabilities, with intimate
Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices

Hackers Exploiting Critical Zero-Day Bug in SonicWall SMA 100 Devices

Feb 02, 2021
SonicWall on Monday warned of active exploitation attempts against a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series devices. The flaw, which affects both physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v), came to light after the NCC Group on Sunday  alerted  it had detected "indiscriminate use of an exploit in the wild." Details of the exploit have not been disclosed to prevent the zero-day from being misused further, but a patch is expected to be available by the end of day on February 2, 2021. "A few thousand devices are impacted," SonicWall  said  in a statement, adding, "SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability." On January 22, The Hacker News exclusively  revealed  that SonicWall had been breached as a consequence of a coordinated attack on its internal systems by exploiting "probable zero-day vulnerabilities" in its SMA 100 series remote acc
Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

Jan 23, 2021
SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access ( SMA ) that are used to provide users with remote access to internal resources. "Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company exclusively told The Hacker News. The development comes after The Hacker News received reports that SonicWall's internal systems went down earlier this week on Tuesday and that the source code hosted on the company's GitLab repository was accessed by the attackers. SonicWall wouldn't confirm the re
Expert Insights / Articles Videos
Cybersecurity Resources