Hello, welcome to the Thursday, February 20th, 2020 edition of the Sandcent, Center Storm Center's Stormcast.

My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida.

One of the trends over the last year has been vulnerabilities in security device.

And we have yet an additional example of this. This time it's Sonic

Walls, Secure Remote Access, SRA, and also the SMA devices. Ellen Moat found this and he sort

of followed the pattern that Orange Zai originally implemented with Palo Alto, Ftnet and Pulse Secure,

he downloaded the virtual machine implementation of the Sonic Wall, Firewall, and then essentially

inspected the code.

Now he found a number of serious vulnerabilities, for example,, SQL injection vulnerability does not require

authentication and allows access to arbitrary data. That one is rather easy to implement, but there

are also some arbitrary code execution vulnerabilities, like for example, buffer overflow in lipciss.s.o and a third unauthenticated

vulnerability that allows directory traversed. In addition, he found three other vulnerabilities that do

require some form of authentication. Sonic Wall did patch these vulnerabilities in mid-December, but Alan, nice of him to wait

until now to actually publish the blog post with quite a bit of detail about how to exploit

these vulnerabilities.

So better make sure you are patched.

And talking about patches you should have applied by now.

Well, the Microsoft February patched Tuesday is just about a week old, and we do have an

exploit now for a remote code execution in SQL server reporting services.

This was CVE 2020-0618.

MDSEC originally found this vulnerability, and they now published a blog post,

...