CVE-2020-5148:SonicWall SSO-agent authentication bypass vulnerability

splash
Back

Description Preview

A vulnerability in SonicWall SSO-agent's default configuration allows attackers to capture password hashes of privileged users through NetAPI probing. This can potentially force the SSO Agent to authenticate, enabling attackers to bypass firewall access controls and gain unauthorized network access.

Overview

The vulnerability (CVE-2020-5148) affects the SonicWall Single Sign-On (SSO) agent which is used to authenticate users to network resources. In its default configuration, the SSO-agent uses NetAPI to probe associated IP addresses in the network. This client probing method creates a security weakness where an attacker can intercept and capture the password hash of privileged users. By capturing these hashes, an attacker could potentially force the SSO Agent to authenticate, effectively bypassing firewall access controls and gaining unauthorized access to protected resources. This vulnerability is classified as CWE-287 (Improper Authentication).

Remediation

Organizations using SonicWall SSO-agent should:

  1. Update to the latest version of the SonicWall SSO-agent as recommended by SonicWall.
  2. Change the default configuration to disable NetAPI probing if possible.
  3. Implement network segmentation to limit the exposure of the SSO-agent.
  4. Monitor network traffic for suspicious authentication attempts.
  5. Follow SonicWall's security advisory (SNWLID-2021-0003) for specific patching instructions and configuration changes.
  6. Consider implementing additional authentication mechanisms as a defense-in-depth measure.

References

  1. SonicWall Security Advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0003
  2. MITRE CWE-287 (Improper Authentication): https://cwe.mitre.org/data/definitions/287.html
  3. CVE-2020-5148 National Vulnerability Database entry

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Low
    Manufacturing
  2. Accommodation & Food Services: Low
    Accommodation & Food Services
  3. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  4. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  5. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  6. Construction: Low
    Construction
  7. Educational Services: Low
    Educational Services
  8. Finance and Insurance: Low
    Finance and Insurance
  9. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  10. Information: Low
    Information
  11. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  12. Mining: Low
    Mining
  13. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  15. Public Administration: Low
    Public Administration
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Retail Trade: Low
    Retail Trade
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background