SonicWall SonicOS hit by SSL VPN service vulnerability The best free firewall
SonicOS, the operating system at the heart of the SonicWall range of network security devices, has been struck by a vulnerability that affects its SSL VPN login page. The vulnerability affects various versions of Sonic OS, including iterations of Gens 5, 6 and 7.
According to SonicWall’s own Security Advisory, the vulnerability allows an unauthenticated attacker to conduct firewall management administration username enumeration based on the server response. Other details are currently thin on the ground as the vulnerability is still undergoing analysis.
Vulnerabilities are particularly damaging for security suppliers like SonicWall. If such an organization cannot safeguard against its own vulnerabilities, customer confidence is sure to plummet.
Brute force
User enumeration vulnerabilities usually appear when a cyberattacker employs brute force to gain entry to a network or system. Often an error with the functionality of the login page provides attackers with clues that they can then use to essentially guess the correct user credentials.
SonicWall has gained a strong reputation for providing next-generation firewalls and other security solutions. One of its core products is its SSL VPN NetExtender, which allows remote users to connect and run any application on an organization’s network.
As the business world has become more mobile, remote access to sensitive company data and applications has become increasingly important. An SSL VPN aims to provide the access required without compromising on security.
The discovery of a new SSL VPN vulnerability affecting SonicOS is particularly worrying, therefore, for any organization that relies on the operating system for protection. If an attacker was able to gain administrative access to a company’s firewall management, it could potentially open the door to further malicious action later on.
SonicOS, the operating system at the heart of the SonicWall range of network security devices, has been struck by a vulnerability that affects its SSL VPN login page. The vulnerability affects various versions of Sonic OS, including iterations of Gens 5, 6 and 7. According to SonicWall’s own Security Advisory,…
