[Vulnerability Advisory] SonicWall VPN 0-day Vulnerability

Published: 2021-01-25

0x00 Vulnerability Overview

CVE ID:

Date: 2021-01-25

Type: Pre-authentication

Severity: High

Remotely exploitable: Yes

Affected scope:

0x01 Vulnerability Details

SonicWall is a well-known manufacturer of hardware firewall appliances, VPN gateways and network security solutions. Its products are used mainly by SOHO, SMB, enterprise, service provider, e-commerce, government, education and healthcare organizations.

On January 22, 2021, SonicWall published an urgent notice disclosing a 0-day vulnerability in its Secure Mobile Access (SMA) VPN appliances and its NetExtender VPN client, and stated that the vulnerability was being actively exploited by attackers.

Secure Mobile Access (SMA) is a physical appliance that provides VPN access to internal networks; the NetExtender VPN client is a software client used to connect to firewalls that support VPN connections.

Although the vendor has not yet released details of the vulnerability, SonicWall stated that it can be mitigated by enabling multi-factor authentication (MFA) on affected devices and restricting access to those devices to whitelisted IP addresses.

 

Affected Scope

NetExtender 10.x: NetExtender VPN client version 10.x, used to connect to SMA 100 series appliances and SonicWall firewalls

SMA 10.x: Secure Mobile Access (SMA) version 10.x running on the SMA 200, SMA 210, SMA 400 and SMA 410 physical appliances and the SMA 500v virtual appliance

Under investigation: SMA 100 series


0x02 Mitigation Recommendations

No patch for this vulnerability has been released yet. Wait for the vendor's patch and apply the temporary protective measures below in the meantime.

Temporary measures (applicable to SMA 100 series appliances or NetExtender 10.x)

For the SMA 100 series

- Configure the firewall to allow SSL-VPN connections to the SMA appliance only from known/whitelisted IP addresses.

- Configure whitelist access permissions directly on the SMA itself.

Reference link:

https://www.sonicwall.com/support/knowledge-base/how-to-restrict-access-for-netextender-mobile-connect-users-based-on-policy-for-ip-address/170502499350337/


For firewalls with SSL-VPN access via NetExtender VPN client version 10.x

Disable NetExtender access to the firewall, or restrict user and administrator access to its public IP through an allow list/whitelist.

Reference link:

https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-the-ssl-vpn-feature-for-use-with-netextender-or-mobile-connect/170505401898786/

 

MFA must be enabled on all SonicWall SMA, firewall and MySonicWall accounts.

Reference links:

https://www.sonicwall.com/support/knowledge-base/how-to-configure-two-factor-authentication-using-totp-for-https-management/190201153847934/

https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-ldap-and-totp/190829123329169/

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-time-based-one-time-password-totp-in-sma-100-series/180818071301745/
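The two interim controls above (a source-IP allowlist for SSL-VPN and mandatory MFA) can be verified from the appliance's session records. The following audit script is an added example, not part of this advisory or of any SonicWall tool; the session record layout, the allowlist ranges and the sample sessions are all constructed for illustration.

```python
# Added example (not from the advisory or SonicWall): audit SSL-VPN session
# records against the two interim controls the advisory recommends, namely
# a source-IP allowlist and mandatory MFA. The record format below is
# constructed for illustration; map your appliance's real export onto it.
import ipaddress
from dataclasses import dataclass


@dataclass
class VpnSession:
    user: str
    src_ip: str
    mfa_used: bool


# Constructed allowlist: known office / egress ranges (placeholder values).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]


def ip_allowed(src_ip: str, allowlist=ALLOWLIST) -> bool:
    """True if src_ip falls inside any allowlisted network (IPv4 or IPv6)."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # an unparsable address can never be allowed
    return any(addr in net for net in allowlist)


def audit_sessions(sessions, allowlist=ALLOWLIST):
    """Return (user, src_ip, reasons) for every session that violates a control."""
    findings = []
    for s in sessions:
        reasons = []
        if not ip_allowed(s.src_ip, allowlist):
            reasons.append("source IP outside allowlist")
        if not s.mfa_used:
            reasons.append("authenticated without MFA")
        if reasons:
            findings.append((s.user, s.src_ip, reasons))
    return findings


# Constructed sample sessions (not real log data).
SAMPLE_SESSIONS = [
    VpnSession("alice", "203.0.113.25", True),  # compliant
    VpnSession("bob", "198.51.100.7", False),   # allowlisted IP, but no MFA
    VpnSession("admin", "192.0.2.77", False),   # outside allowlist and no MFA
    VpnSession("carol", "not-an-ip", True),     # malformed source address
]

if __name__ == "__main__":
    for user, ip, reasons in audit_sessions(SAMPLE_SESSIONS):
        print(f"{user} from {ip}: {'; '.join(reasons)}")
```

Sessions that pass both checks produce no finding; a malformed source address is treated as outside the allowlist rather than silently accepted.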

 

 

0x03 References

https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/

https://www.bleepingcomputer.com/news/security/sonicwall-firewall-maker-hacked-using-zero-day-in-its-vpn-device/

https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/#ftag=RSSbaffb68

 

 

0x04 Timeline

2021-01-22  SonicWall publishes security notice

2021-01-23  SonicWall updates security notice

2021-01-25  VSRC publishes security advisory

 

0x05 Appendix

CVSS scoring standard (official site): http://www.first.org/cvss/