[German]Swizz blog reader Adrian has forwarded an alerted me to about a critical vulnerability in the Sonicwall firewall web management interface (thanks for that). The vulnerability affects both physical and virtual firewalls from SonicWall. The vendor strongly advises its customers to apply the appropriate SonicOS patch immediately.
In a security advisory dated June 14, 2021, SonicWall points out a SonicOS vulnerability in the firewall's web management interface. The vendor writes:
SonicWall physical and virtual firewalls running certain versions of SonicOS may contain a vulnerability that could be leveraged for an unauthenticated Denial-of-Service (DoS) attack by sending a specially crafted POST request to the web interface.
The vulnerability requires that web management is enabled on the WAN/LAN interface and assumes an active management session is in progress. For example, an administrator is logged in to the web interface or Global Management System (GMS) / Network Security Manager (NSM) are configured to manage the firewall over HTTPS on the WAN interface.
Other GMS/NSM management modes listed below are not affected if WAN management on the firewall is disabled. The SSL VPN portal on the firewall, Virtual Office, is NOT affected.
Currently, there is no indication that the discovered vulnerability is being exploited in the wild. SonicWall STRONGLY advises its customers to apply the appropriate SonicOS patch immediately. The details of the update can be found in this security sdvisory.
Until the patches listed in the support article can be applied, SonicWall strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted Internet sources) by modifying existing SonicOS management access rules (SSH/HTTPS/HTTP management). This will only allow management access from trusted source IP addresses.
