SonicWall SonicOS Firewall Multiple Management Vulnerabilities (URGENT/11)

High Nessus Plugin ID 127107

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected by multiple vulnerabilities:

- Stack overflow in the parsing of IPv4 packets IP options. (CVE-2019-12256)

- TCP Urgent Pointer = 0 leads to integer underflow (CVE-2019-12255)

- TCP Urgent Pointer state confusion caused by malformed TCP AO option (CVE-2019-12260)

- TCP Urgent Pointer state confusion during connect to a remote host (CVE-2019-12261)

- TCP Urgent Pointer state confusion due to race condition (CVE-2019-12263)

- Heap overflow in DHCP Offer/ACK parsing in ipdhcpc (CVE-2019-12257)

- TCP connection DoS via malformed TCP options (CVE-2019-12258)

- Handling of unsolicited Reverse ARP replies (Logical Flaw) (CVE-2019-12262)

- Logical flaw in IPv4 assignment by the ipdhcpc DHCP client (CVE-2019-12264)

- DoS via NULL dereference in IGMP parsing (CVE-2019-12259)

- IGMP Information leak via IGMPv3 specific membership report (CVE-2019-12265)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in the vendor security advisory.

See Also

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

http://www.nessus.org/u?06406a07

https://armis.com/urgent11/

http://www.nessus.org/u?c7d3d59d

http://www.nessus.org/u?e1994faf

Plugin Details

Severity: High

ID: 127107

File Name: sonicwall_SNWLID-2019-0009.nasl

Version: 1.5

Type: remote

Family: Firewalls

Published: 2019/07/29

Updated: 2019/10/18

Dependencies: 11936

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2019-12262

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:sonicwall:sonicos

Required KB Items: Host/OS

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/07/19

Vulnerability Publication Date: 2019/07/19

Reference Information

CVE: CVE-2019-12255, CVE-2019-12256, CVE-2019-12257, CVE-2019-12258, CVE-2019-12259, CVE-2019-12260, CVE-2019-12261, CVE-2019-12262, CVE-2019-12263, CVE-2019-12264, CVE-2019-12265

IAVA: 2019-A-0274