Detections
Analytics

SonicWall SonicOS Firewall Multiple Management Vulnerabilities (URGENT/11)

critical Nessus Plugin ID 127107

Language:

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected by multiple vulnerabilities:

 - Stack overflow in the parsing of IPv4 packets IP options. (CVE-2019-12256)

 - TCP Urgent Pointer = 0 leads to integer underflow (CVE-2019-12255)

 - TCP Urgent Pointer state confusion caused by malformed TCP AO option (CVE-2019-12260)

 - TCP Urgent Pointer state confusion during connect to a remote host (CVE-2019-12261)

 - TCP Urgent Pointer state confusion due to race condition (CVE-2019-12263)

 - Heap overflow in DHCP Offer/ACK parsing in ipdhcpc (CVE-2019-12257)

 - TCP connection DoS via malformed TCP options (CVE-2019-12258)

 - Handling of unsolicited Reverse ARP replies (Logical Flaw) (CVE-2019-12262)

 - Logical flaw in IPv4 assignment by the ipdhcpc DHCP client (CVE-2019-12264)

 - DoS via NULL dereference in IGMP parsing (CVE-2019-12259)

 - IGMP Information leak via IGMPv3 specific membership report (CVE-2019-12265)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in the vendor security advisory.

See Also

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

http://www.nessus.org/u?06406a07

https://armis.com/urgent11/

http://www.nessus.org/u?c7d3d59d

http://www.nessus.org/u?e1994faf

Plugin Details

Severity: Critical

ID: 127107

File Name: sonicwall_SNWLID-2019-0009.nasl

Version: 1.7

Type: remote

Family: Firewalls

Published: 7/29/2019

Updated: 12/6/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-12262

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:sonicwall:sonicos

Required KB Items: Host/OS

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/19/2019

Vulnerability Publication Date: 7/19/2019

Reference Information

CVE: CVE-2019-12255, CVE-2019-12256, CVE-2019-12257, CVE-2019-12258, CVE-2019-12259, CVE-2019-12260, CVE-2019-12261, CVE-2019-12262, CVE-2019-12263, CVE-2019-12264, CVE-2019-12265

IAVA: 2019-A-0274-S