Holes found in SonicWall god box

Powered by SC Magazine
 

Pen tests poke holes in NSA 4500.

Update: SonicWall has patched the flaws.

 Multiple vulnerabilities have been found in SonicWall’s Network Security Appliance (NSA) 4500.

Hugo Vázquez Caramés, chief executive of a Barcelona-based penetration testing firm, said the flaws were found during an ethical hack against a customer’s wireless network.

Caramés reported that MAC spoofing protection contained in the NSA 4500 unified threat management device was incompatible and would fail when used with SonicWall’s SonicPoint wireless access points.

Carames

Penetration testers had conducted ARP spoofing attacks against a customer’s network and found MAC spoofing protection had failed but appeared functional to administrators.

“Customers don't know they are unprotected even if they have the MAC spoofing activated,” Caramés said.

He said SonicWall had confirmed the vulnerability. SonicWall Australia was investigating the disclosure but could not confirm the report by the time of publication.

A vulnerability was also found in the NSA 4500 web administrator interface which would execute malicious JavaScript in a form labelled "Login page content".

Caramés had performed session hijacking against the NSA 4500 using brute force attacks.

He said the device generated weak HTTP session identities which were stored in the sessid cookie variable.

“From a LAN, 10 percent of all IDs can be brute forced in one day. The more administrators are logged in, the more dangerous is the scenario, and easier is the brute force attack.”

He posted the brute force attack used to hijack sessions.

GET /log.wri HTTP/1.0

 

Host: 123.123.123.123

 

Connection: close

 

User-Agent: brute-forcing

 

Cookie: SessId=111111111

SessId equals the variable which changes in each request. Host is the SonicWall IP address. A 200 HTTP response and SonicWall logs will appear if the attack was successful.

Update: SonicWall has said the "medium severity" vulnerabilities (SonicOS Management SessionID Brute Force Vulnerability and Preview of Custom Web Page Vulnerability) have been patched.

The fixes are availabe on its support website.

Copyright © SC Magazine, Australia


Holes found in SonicWall god box
 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  23%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  26%
TOTAL VOTES: 239

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 74

Vote