[Vulnerability Notice] SonicWall VPN 0-day Vulnerability

Published: 2021-01-25

0x00 Vulnerability Overview

CVE ID:                 (not listed)
Date:                   2021-01-25
Type:                   Pre-authentication
Severity:               High
Remotely exploitable:   Yes
Affected scope:         see section 0x01

0x01 Vulnerability Details

SonicWall is a well-known manufacturer of hardware firewall appliances, VPN gateways and network security solutions. Its products are used mainly by SOHO, SMB and enterprise customers, service providers, e-commerce, government, education and healthcare organizations.

On 22 January 2021, SonicWall published an urgent notice disclosing a 0-day vulnerability in its Secure Mobile Access (SMA) VPN appliances and its NetExtender VPN client, and stated that the vulnerability is being actively exploited by attackers.

Secure Mobile Access (SMA) is a physical appliance that provides VPN access to an internal network; the NetExtender VPN client is a software client used to connect to firewalls that support VPN connections.

Although the vendor has not yet published details of the vulnerability, SonicWall states that it can be mitigated by enabling multi-factor authentication (MFA) on affected appliances and restricting access to the appliances to allowlisted IP addresses.

Affected Scope

NetExtender 10.x: NetExtender VPN client version 10.x, used to connect to SMA 100 series appliances and SonicWall firewalls

SMA 10.x: Secure Mobile Access (SMA) version 10.x running on the SMA 200, SMA 210, SMA 400 and SMA 410 physical appliances and the SMA 500v virtual appliance

Under investigation: SMA 100 series

0x02 Remediation Recommendations

No patch for this vulnerability has been released yet. Wait for the vendor to publish a patch and apply the interim protective measures below in the meantime.

Interim measures (for SMA 100 series appliances or NetExtender 10.x)

For the SMA 100 series

- Configure the firewall to allow SSL-VPN connections to the SMA appliance only from known/allowlisted IP addresses.

- Alternatively, configure allowlist-based access directly on the SMA itself.

Reference:

https://www.sonicwall.com/support/knowledge-base/how-to-restrict-access-for-netextender-mobile-connect-users-based-on-policy-for-ip-address/170502499350337/


For firewalls with SSL-VPN access via NetExtender VPN client version 10.x

Disable NetExtender access to the firewall, or restrict user and administrator access to its public IP via an allow list / whitelist.

Reference:

https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-the-ssl-vpn-feature-for-use-with-netextender-or-mobile-connect/170505401898786/

MFA must be enabled on all SonicWall SMA appliances, firewalls and MySonicWall accounts.

Reference:

https://www.sonicwall.com/support/knowledge-base/how-to-configure-two-factor-authentication-using-totp-for-https-management/190201153847934/

https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-ldap-and-totp/190829123329169/

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-time-based-one-time-password-totp-in-sma-100-series/180818071301745/
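The two interim measures above (source-IP allowlisting and TOTP-based MFA) can be expressed as one small policy check. The following Python is an added illustration written for this notice, not SonicWall's or VSRC's code, and does not reproduce how the appliances implement these controls: `hotp`, `totp` and `verify_totp` follow RFC 4226 and RFC 6238, `ip_allowed` tests a source address against CIDR ranges, and the hypothetical `authorize_vpn_login` combines both. The allowlist ranges are constructed sample values from the RFC 5737 TEST-NET blocks, and the secret is the RFC 6238 test secret, used only so the output can be checked against the RFC's published vectors.

```python
import hashlib
import hmac
import ipaddress
import struct

# Allowlisted source ranges. Constructed sample values from the TEST-NET blocks
# (RFC 5737); a real deployment lists its own office or VPN egress ranges.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce modulo 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the 30-second time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept a code for the current time step or up to `window` steps either
    side (tolerates small clock drift on the authenticator). The comparison is
    constant-time so a wrong guess does not leak how many digits matched."""
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + drift, digits), code)
        for drift in range(-window, window + 1)
    )


def ip_allowed(src_ip: str, allowlist=ALLOWLIST) -> bool:
    """True if the source address falls inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in allowlist)


def authorize_vpn_login(src_ip: str, code: str, secret: bytes, unix_time: int,
                        allowlist=ALLOWLIST) -> tuple:
    """Hypothetical policy check modelling the two mitigations in the notice:
    the source IP must be allowlisted AND the TOTP code must verify.
    Returns (allowed, reason) so the caller can log the rejection cause."""
    if not ip_allowed(src_ip, allowlist):
        return False, "source IP not allowlisted"
    if not verify_totp(secret, code, unix_time):
        return False, "invalid TOTP code"
    return True, "ok"


if __name__ == "__main__":
    # RFC 6238 Appendix B test secret (ASCII "12345678901234567890").
    test_secret = b"12345678901234567890"
    print(totp(test_secret, 59))  # 287082
    print(authorize_vpn_login("203.0.113.5", totp(test_secret, 59), test_secret, 59))
    print(authorize_vpn_login("192.0.2.1", totp(test_secret, 59), test_secret, 59))
```

The allowlist check runs first, so a request from an unexpected source is refused before any credential is examined; the one-step window tolerates authenticator clock drift without accepting stale codes, and `hmac.compare_digest` keeps the code comparison constant-time. Both checks together are what the notice asks for: a pre-authentication flaw is only reachable by clients that pass the network allowlist, and a stolen password alone no longer completes a login.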

 

 

0x03 References

https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/

https://www.bleepingcomputer.com/news/security/sonicwall-firewall-maker-hacked-using-zero-day-in-its-vpn-device/

https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/#ftag=RSSbaffb68

0x04 Timeline

2021-01-22  SonicWall publishes security notice

2021-01-23  SonicWall updates security notice

2021-01-25  VSRC publishes security notice

0x05 Appendix

CVSS scoring standard (official site): http://www.first.org/cvss/