SonicWall issues another fix for botched VPN patch

SonicWall has been compelled to subject one other patch to repair a vulnerability that was initially reported in September 2020 and affected over 800,000 SonicWall VPNs.

Initially tagged and handled as CVE-2020-5135, the problem was recognized as a vital stack-based Buffer Overflow vulnerability that reportedly may very well be exploited by distant attackers to execute arbitrary code on the impacted units, or trigger Denial of Service (DoS).

Cybersecurity solutions provider SonicWall released a fix to patch the vulnerability in October 2020. However, as it turns out, the fix wasn’t properly coded and in fact caused a memory dump issue causing SonicWall to get back to the drawing board to address the issue, which has now been fixed.

Craig Young, security researcher at TripWire, who was co-credited along with Nikita Abramov of Positive Technologies, as the discoverer for the CVE-2020-5135 vulnerability, has published a detailed account of his interactions with SonicWall for fixing the “botched repair.”

Higher late than by no means

Younger shares that he seen that one thing was amiss with the October patch for CVE-2020-5135 and alerted SonicWall on October 6.

“On October 9, SonicWall confirmed my expectation that this was the results of an improper repair for CVE-2020-5135 and advised me that the patched firmware variations had already began to change into accessible on mysonicwall.com in addition to through Azure,” writes Younger.

He claims that though SonicWall had shared an advisory for the patched repair, now tracked as CVE-2021-20019 again in October 2020 itself, it wasn’t till a number of months later in June 2021 that the advisory was made public and the repair pushed to prospects.

  • We have additionally put collectively an inventory of one of the best VPN options accessible

Through Bleeping Computer