Skip to content
Get A Demo
Free SIEM
    January 25, 2021

    SonicWall Privilege Escalation: CVE-2020-5144

    As of late Friday morning, SonicWall was in the early stages of advising its customers of a breach which may have impacted its security products. While initial reports indicated a wide range of potentially impacted products across the SonicWall product line, this was later clarified to just the SMA (Secure Mobile Access) 100. The SMA 100 is an appliance which is intended to provide secure access to data center, cloud, and SaaS (software as a service) resources from a single portal.

    The announcement came four days after proof of concept (POC) exploit code for CVE-2020-5144 was released, which describes exploitation of the SonicWall Global VPN Windows client for privilege escalation by leveraging a vulnerability that allowed the executable search order to be hijacked. This would allow an ordinary user to elevate their permissions to SYSTEM (administrative-level privileges).

    Early this Monday morning, Darren Martyn, a security researcher, released a previously unpublished exploit against SonicWall SSL-VPN (which includes the firewall line). This particular method of exploitation was leveraged during the Hacking Team data breach and allowed the threat actor in that instance to not simply gain remote access to the device, but also add code to the login page to capture usernames and passwords.

    What Should I Do if I’m a SonicWall Customer?

    Tag(s): Security Alerts , Blog , CVE

    Erica Mixon

    Erica is an award-winning writer, editor and journalist with over ten years of experience in the digital publishing industry. She holds a Bachelor’s degree in writing, literature and publishing from Emerson College. Her foray into technology began at TechTarget, where she provided editorial coverage on a wide variety...

    More from the blog

    View All Posts