While there are no known “exploits in the wild” all ADMINs should ensure their Sonic Wall VPN facilities have the latest OCT-2020 security updates in place.  SANS ISC rates this vulnerability as a “PATCH NOW” security issue


SonicWall released updates last week which fix this vulnerability and several others. Although no known exploit has been detected in the wild. I expect, give recent historical attacks on VPNs, I would expect this one will get a lot of interest from bad guys. I strongly recommend updating as soon as reasonable. Discovered by Tripwire VERT, CVE-2020-5135 is a buffer overflow vulnerability in the popular SonicWall Network Security Appliance (NSA) which can permit an unauthenticated bad guy to execute arbitrary code on the device.

The following versions of SonicWall are vulnerable:

SonicOS and earlier
SonicOS and earlier
SonicOS and earlier
SonicOSv and earlier


By admin