Holes found in SonicWall god box

Powered by SC Magazine
 

Pen tests poke holes in NSA 4500.

Update: SonicWall has patched the flaws.

 Multiple vulnerabilities have been found in SonicWall’s Network Security Appliance (NSA) 4500.

Hugo Vázquez Caramés, chief executive of a Barcelona-based penetration testing firm, said the flaws were found during an ethical hack against a customer’s wireless network.

Caramés reported that MAC spoofing protection contained in the NSA 4500 unified threat management device was incompatible and would fail when used with SonicWall’s SonicPoint wireless access points.

Carames

Penetration testers had conducted ARP spoofing attacks against a customer’s network and found MAC spoofing protection had failed but appeared functional to administrators.

“Customers don't know they are unprotected even if they have the MAC spoofing activated,” Caramés said.

He said SonicWall had confirmed the vulnerability. SonicWall Australia was investigating the disclosure but could not confirm the report by the time of publication.

A vulnerability was also found in the NSA 4500 web administrator interface which would execute malicious JavaScript in a form labelled "Login page content".

Caramés had performed session hijacking against the NSA 4500 using brute force attacks.

He said the device generated weak HTTP session identities which were stored in the sessid cookie variable.

“From a LAN, 10 percent of all IDs can be brute forced in one day. The more administrators are logged in, the more dangerous is the scenario, and easier is the brute force attack.”

He posted the brute force attack used to hijack sessions.

GET /log.wri HTTP/1.0

 

Host: 123.123.123.123

 

Connection: close

 

User-Agent: brute-forcing

 

Cookie: SessId=111111111

SessId equals the variable which changes in each request. Host is the SonicWall IP address. A 200 HTTP response and SonicWall logs will appear if the attack was successful.

Update: SonicWall has said the "medium severity" vulnerabilities (SonicOS Management SessionID Brute Force Vulnerability and Preview of Custom Web Page Vulnerability) have been patched.

The fixes are availabe on its support website.

Copyright © SC Magazine, Australia


Holes found in SonicWall god box
 
 
 
Top Stories
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
 
Doubts cast on Queensland's ICT Dashboard
Opposition, former Govt CIO say it can't be trusted.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  26%
 
Application integration concerns
  3%
 
Security and compliance concerns
  29%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 859

Vote