"Critical Vulnerability Allows Hackers to Disrupt SonicWall Firewalls"

Researchers at Tripwire and Positive Technologies discovered a critical vulnerability that impacts several versions of SonicOS, the operating system run by SonicWall firewalls. The researchers have described the flaw as a stack-based buffer overflow. This vulnerability was found in the SonicWall Network Security Appliance (NSA), a firewall solution that provides Virtual Private Network (VPN) capabilities for organizations. According to Tripwire, the vulnerability stems from the HTTP/HTTPS service used for device management and VPN access. The exploitation of this flaw involves sending a specially crafted HTTP request to the vulnerable service. Attackers could abuse the vulnerability to launch Denial-of-Service attacks and execute arbitrary code. This article continues to discuss what the exploitation of this critical vulnerability could allow hackers to do and how SonicWall responded to the discovery of this flaw. 

Security Week reports "Critical Vulnerability Allows Hackers to Disrupt SonicWall Firewalls"

Submitted by Anonymous on