Skip to content
October 19, 2020

SonicWall DoS & XSS Vulnerabilities

DESCRIPTION:

The SonicWall Product Security Incident Response Team (PSIRT) collaborated with a third-party research firm to test, confirm and correct discovered vulnerabilities related to physical and virtual SonicWall next-generation firewall appliances. These findings included:

  • In some cases, vulnerabilities allowed remote attackers to cause Denial of Service (DoS) attacks against a firewall, which may lead to an appliance crash.
  • In some cases, there existed a cross-site scripting (XSS) vulnerability in the firewall's SSL-VPN portal as well as possible username enumeration of firewall administrators.

At this time, SonicWall is not aware of any of the addressed vulnerabilities being exploited or that any customer has been impacted.

SonicWall’s extensive analysis lead to the discovery of 11 unique vulnerabilities requiring Common Vulnerabilities and Exposures (CVE) listings based on the Common Vulnerability Scoring System (CVSS), which were published the week of October 12, 2020.

The PSIRT team worked to duplicate the issues and develop, test and release patches for the affected firewall products. Each SonicOS/X release indicated below is already patched and webposted, and also includes release notes for further information. SMA 100 and 1000 series products are not affected.

Any customer using an impacted firewall product will need to upgrade the firmware. A valid support contract is not required to upgrade.

 TIP: To upgrade the firmware of your SonicWall device, please refer to How Can I Upgrade SonicOS Firmware?



The following is a summary of 11 CVEs published by SonicWall PSIRT :

  • CVE-2020-5133 & CVE-2020-5135: : Allow unauthenticated/authenticated attacker to cause Denial of Service (Dos) due to buffer overflow, which leads to a firewall crash.
  • CVE-2020-5134: Out-of-bound invalid file reference condition allows remote attacker to crash the firewall.
  • CVE-2020-5136 & CVE-2020-5137: Using firewall SSL-VPN port, an unauthenticated/authenticated attacker can cause Denial of Service (DoS), which may lead to firewall crash.
  • CVE-2020-5138:  Heap overflow allows remote attacker to crash firewall using firewall SSL-VPN port.
  • CVE-2020-5139: Release of invalid pointer condition allows remote attacker to cause Denial of Service (DoS) attack against firewall.
  • CVE-2020-5140: Memory address leak in the HTTP server response; condition allows remote attacker to cause Denial of Service (DoS) attack against firewall.
  • CVE-2020-5141: Allows unauthenticated remote attacker to brute force Virtual Assist ticket ID.
  • CVE-2020-5142: Cross-site-scripting (XSS) vulnerability in the SSL-VPN portal.
  • CVE-2020-5143: Allows User Enumeration; it is possible to enumerate firewall administrator username based on the login error message displayed on the SSL-VPN login page.

Impacted Products & Upgrade Path

 NOTE: SonicWall customers using any of the impacted firewall products should log in to MySonicWall.com via their authorized credentials and download the new version as outlined in the table below. To learn how to upgrade the firmware of your SonicWall device, please refer to: How Can I Upgrade SonicOS Firmware?

FIXED VERSION AFFECTED PLATFORMS APPLICABLE CVES
 SonicOS 6.5.4.7-83n  ·        TZ (300, 300P, 350, 400, 500, 600, 600P, 300W, 350W, 400W, 500W)·        SOHO (250, 250W)·        NSA (2600, 3600, 4600, 5600, 6600)·        NSa (2650, 3650, 4650, 5650, 6650, 9250, 9450, 9650)·        SuperMassive
(9200, 9400, 9600) 
Eight (8) Total CVEs ·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5143 
 SonicOS 5.9.2.7-5o  ·        TZ (100, 100W, 105, 105W, 200, 200W, 205, 205W, 210, 210W, 215, 215W·        SOHO·        NSA (220, 220W, 240, 250M, 250MW, 2400, 2400MX, 3500, 4500, 5000, 5500, 6500, 7500, 8500, 8510)  Seven (7) Total CVEs ·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5143  
 SonicOS 5.9.2.13-7o  ·        TZ (100, 100W, 105, 105W, 200, 200W, 205, 205W, 210, 210W, 215, 215W)·        SOHO·        NSA (220, 220W, 240, 250M, 250MW, 2400, 2400MX, 3500, 4500, 5000, 5500, 6500, 7500, 8500, 8510)   Seven (7) Total CVEs ·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5143
 SonicOS 6.5.1.12-1n  ·        SuperMassive (9800)·        NSsp (12400, 12800)  Eleven (11) Total CVEs ·        CVE-2020-5133·        CVE-2020-5134·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5142·        CVE-2020-5143 
 SonicOS 6.0.5.3-94o  ·        SuperMassive
(10200, 10400, 10800)		  Eleven (11) Total CVEs ·        CVE-2020-5133·        CVE-2020-5134·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5142·        CVE-2020-5143
 SonicOS 6.5.4.v-21s-987  ·        NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) on VMware, Hyper-V, KVM·        NSv (200, 400, 800, 1600) on AWS, AWS-PAYG, Azure   Eleven (11) Total CVEs ·        CVE-2020-5133·        CVE-2020-5134·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5142·        CVE-2020-5143
 Gen7 7.0.0.0-2  ·        TZ (570, 570P, 570W, 670)·        NSv (270, 470, 870)·        NSsp (15700)  Eleven (11) Total CVEs ·        CVE-2020-5133·        CVE-2020-5134·        CVE-2020-5135·        CVE-2020-5136·        CVE-2020-5137·        CVE-2020-5138·        CVE-2020-5139·        CVE-2020-5140·        CVE-2020-5141·        CVE-2020-5142·        CVE-2020-5143 


 TIP: To upgrade the firmware of your SonicWall device, please refer to How Can I Upgrade SonicOS Firmware?

Previous article PC Magazine Readers: SonicWall VPN Ranks High in Overall Satisfaction, Reliability, Performance
Next article PRODUCT NOTICE: SonicWall Email Security & Anti-Spam BCC Notification

More SonicWall News Posts

  • Product Security Notice: SONICWALL SSL-VPN SMA100 Series Vulnerabilities
    December 7, 2023 Esther McNally

    Product Security Notice: SONICWALL SSL-VPN SMA100 Series Vulnerabilities

    SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities Overview CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2) Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege...

    Read now
  • Turn On Your MFA
    November 9, 2023 Esther McNally

    Turn On Your MFA

    With millions of stolen credentials currently up for sale, the time for stronger authentication is now. In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many...

    Read now
  • Password Pro Tips
    November 7, 2023 Esther McNally

    Password Pro Tips

    A solid password is instrumental to keeping your important accounts and information safeguarded. October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month? This is...

    Read now
See more

Featured collection

  • SonicWall TZ270 By SonicWall - Buy Now - AU $957.60 At The Tech Geeks Australia
    SonicWall TZ270 By SonicWall - Buy Now - AU $957.60 At The Tech Geeks Australia
    Sale Sale

    SonicWall TZ270

    $957.60 - $2,986.20
    $957.60 - $2,986.20
    $2,138.97
    $957.60 - $2,986.20
    $957.60 - $2,986.20
    $957.60

    Designed for home offices and lean branches, the TZ270 series deliver industry-validated security effectiveness with best-in-class price-performanc...

    View full details
    $957.60 - $2,986.20
    $957.60 - $2,986.20
    $2,138.97
    $957.60 - $2,986.20
    $957.60 - $2,986.20
    $957.60
    Sale Sale
  • SonicWall TZ570 By SonicWall - Buy Now - AU $2885.40 At The Tech Geeks Australia
    SonicWall TZ570 By SonicWall - Buy Now - AU $2885.40 At The Tech Geeks Australia
    Sale Sale

    SonicWall TZ570

    $2,885.40 - $8,644.86
    $2,885.40 - $8,644.86
    $6,733.44
    $2,885.40 - $8,051.75
    $2,885.40 - $8,051.75
    $2,885.40

    The SonicWall TZ570 series, is the first desktop-form factor next-generation firewall (NGFW) with 5 Gigabit Ethernet interfaces.   Designed for mid...

    View full details
    $2,885.40 - $8,644.86
    $2,885.40 - $8,644.86
    $6,733.44
    $2,885.40 - $8,051.75
    $2,885.40 - $8,051.75
    $2,885.40
    Sale Sale
  • SonicWall TZ470 By SonicWall - Buy Now - AU $2031.12 At The Tech Geeks Australia
    SonicWall TZ470 By SonicWall - Buy Now - AU $2031.12 At The Tech Geeks Australia
    Sale Sale

    SonicWall TZ470

    $2,031.12 - $6,116.04
    $2,031.12 - $6,116.04
    $4,838.40
    $2,031.12 - $4,921.52
    $2,031.12 - $4,921.52
    $2,031.12

    Designed for small organizations and distributed enterprise with SD-Branch locations, the TZ470 series deliver industry-validated security effectiv...

    View full details
    $2,031.12 - $6,116.04
    $2,031.12 - $6,116.04
    $4,838.40
    $2,031.12 - $4,921.52
    $2,031.12 - $4,921.52
    $2,031.12
    Sale Sale
  • SonicWall TZ370 By SonicWall - Buy Now - AU $1362.06 At The Tech Geeks Australia
    SonicWall TZ370 By SonicWall - Buy Now - AU $1362.06 At The Tech Geeks Australia
    Sale Sale

    SonicWall TZ370

    $1,362.06 - $4,152.96
    $1,362.06 - $4,152.96
    $3,197.88
    $1,362.06 - $3,635.10
    $1,362.06 - $3,635.10
    $1,362.06

    Designed for small organizations and lean branches, the TZ370 series deliver industry-validated security effectiveness with best-in-class price-per...

    View full details
    $1,362.06 - $4,152.96
    $1,362.06 - $4,152.96
    $3,197.88
    $1,362.06 - $3,635.10
    $1,362.06 - $3,635.10
    $1,362.06
    Sale Sale
  • SonicWall TZ670 By SonicWall - Buy Now - AU $3544.38 At The Tech Geeks Australia
    SonicWall TZ670 By SonicWall - Buy Now - AU $3544.38 At The Tech Geeks Australia
    Sale Sale

    SonicWall TZ670

    $3,544.38 - $9,666.72
    $3,544.38 - $9,666.72
    $8,255.52
    $3,544.38 - $9,020.45
    $3,544.38 - $9,020.45
    $3,544.38

    The SonicWall TZ670 series, is the first desktop-form factor next-generation firewall (NGFW) with 10 Gigabit Ethernet interfaces.   Designed for mi...

    View full details
    $3,544.38 - $9,666.72
    $3,544.38 - $9,666.72
    $8,255.52
    $3,544.38 - $9,020.45
    $3,544.38 - $9,020.45
    $3,544.38
    Sale Sale
Shop collection