CONFUSED DEPUTY CVE-2020-5146: SonicWall SMA100 (OS Command Injection)
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters.
Watch the video to learn more about this and other important vulnerabilities.
1.2 CVSS Score
CVSS Base score of this vulnerability is not available currently. This vulnerability is still being evaluated by NVD.
1.3 Affected Version
This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.
1.4 Vulnerability Attribution
This vulnerability is reported by Erik De Jong.
1.5 Risk Impact
SonicWall SMA is a unified secure access gateway that enables organizations to provide anytime, anywhere and any device access to mission critical corporate resources. SMA100 gives businesses with up to 250 users an affordable, secure remote access solution that is easy to deploy, use and manage. With multiple layers of security through policy-enforced access control to applications after establishing user and device identity and trust, a SonicWall SMA 100 Series means users can work from anywhere with security everywhere.
The consequences of a command injection attack can be very serious. An attacker can execute arbitrary commands with elevated privileges. With this ability they can take over the remote server.
A publicly disclosed vulnerability is not available currently.
1.6 Virsec Security Platform (VSP) Support:
VSP-Web can protect against OS Command Injection attacks. VSP-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.
1.7 Reference Links:
Download the full vulnerability report to learn more about this and other important vulnerabilities.
Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!