SonicWall Releases Another Patch For Sloppy VPN Solution

SonicWall was forced to release another patch to address a vulnerability that was initially reported in September 2020 affecting more than 800,000 SonicWall VPNs. Originally flagged and treated as CVE-2020-5135, the issue was identified as a critical stack-based buffer overflow vulnerability that could be exploited by remote attackers to execute arbitrary code on affected devices or to cause denial of service (DoS). Cybersecurity vendor SonicWall released a patch to fix the vulnerability in October 2020. However, it turns out that the patch was not coded correctly and actually caused a core dump issue that forced SonicWall back to the drawing board to solve the problem, which is now fixed. Craig Young, a security researcher at TripWire, who is credited by Nikita Abramov of Positive Technologies as the discoverer of the CVE-2020-5135 vulnerability, has posted a detailed account of his interactions with SonicWall to fix the "sloppy arrangement".

Better late than never

Young shares that he noticed something was wrong with the October patch for CVE-2020-5135 and alerted SonicWall on October 6. "On October 9, SonicWall confirmed my expectations that this was the result of an incorrect patch for CVE-2020-5135 and told me that patched versions of the firmware had already started to be made available on mysonicwall.com, as well as via Azure," Young writes. He claims that while a revision of the fixed patch, now registered as CVE-2021-20019, was shared by SonicWall in October 2020, it wasn't until several months later, in June 2021, that the revision was made public and the fix was pushed to customers.

Via BleepingComputer