Title: SonicWall Firewall/VPN Appliance Multiple ARP Request Handling Vulnerabilities
Severity: MODERATE
Description:
SonicWall VPN and Firewall appliances are network devices designed to enhance security through firewall and virtual private network capabilities.
Several problems in the handling of ARP requests have been identified in SonicWall VPN and Firewall devices. Because of this, an attacker may be able to gain access to sensitive information about networks behind SonicWall devices. Denial of service attacks through affected devices are also possible.
These issues require that an attacker be able to send ARP requests to the affected device, which limits attacks to systems on local network segments.
The following three issues have been identified:
- When handling an ARP request on the external network interface, the SonicWall device queries internal devices for the requested address. Upon finding it, the device will respond to the request through the external interface on behalf of the system on the internal network. This could result in information disclosure.
- When handling ARP requests on the external interface for addresses which do not exist in the device ARP cache, if the requested address exists on the internal network, the device will proxy the request from the external interface to the internal interface, and pass the request to the device. This could result in information disclosure and violation of firewall and security policy.
- When a request is proxied from the external interface to the internal interface, the device sends three ARP broadcasts for each received request. Because of this, an attacker could potentially use this to create an effective denial of service to systems behind the SonicWall device.
Update: Additional reports indicate that the denial of service attack described in this BID is not plausible.
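The first issue above leaves a visible trace in a capture taken on the external segment: an ARP reply whose sender address belongs to the internal network. The following check is an added example, not part of the original advisory; the internal range 192.168.10.0/24, the external 203.0.113.0/24 addresses, the MAC addresses and the frames are all constructed sample values.

```python
import ipaddress
import struct

ARP_ETHERTYPE, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2

def build_arp(op, sha, spa, tha, tpa, dst=b"\xff" * 6):
    """Build an Ethernet+ARP frame; used only to construct the sample capture."""
    pack_ip = lambda ip: ipaddress.IPv4Address(ip).packed
    header = dst + sha + struct.pack("!HHHBBH", ARP_ETHERTYPE, 1, 0x0800, 6, 4, op)
    return header + sha + pack_ip(spa) + tha + pack_ip(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4/Ethernet ARP."""
    if len(frame) < 42:
        return None
    etype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if (etype, htype, ptype, hlen, plen) != (ARP_ETHERTYPE, 1, 0x0800, 6, 4):
        return None
    sender_ip = ipaddress.IPv4Address(frame[28:32])
    target_ip = ipaddress.IPv4Address(frame[38:42])
    return op, frame[22:28], sender_ip, target_ip

def leaked_internal_hosts(external_frames, internal_net):
    """Internal addresses answered for in ARP replies seen on the external segment."""
    net = ipaddress.ip_network(internal_net)
    leaks = set()
    for frame in external_frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REPLY and parsed[2] in net:
            leaks.add((str(parsed[2]), parsed[1].hex(":")))
    return sorted(leaks)

# Constructed sample values: not taken from the advisory.
FW_MAC = bytes.fromhex("020000000001")     # firewall external interface
PROBE_MAC = bytes.fromhex("020000000099")  # host on the external segment
SAMPLE_EXTERNAL_CAPTURE = [
    # external host asks who has an internal address
    build_arp(ARP_REQUEST, PROBE_MAC, "203.0.113.50", bytes(6), "192.168.10.20"),
    # firewall answers on behalf of the internal system (behaviour in the first issue)
    build_arp(ARP_REPLY, FW_MAC, "192.168.10.20", PROBE_MAC, "203.0.113.50", dst=PROBE_MAC),
    # ordinary reply for the firewall's own external address
    build_arp(ARP_REPLY, FW_MAC, "203.0.113.1", PROBE_MAC, "203.0.113.50", dst=PROBE_MAC),
    # truncated non-ARP frame, ignored by the parser
    bytes(20),
]

if __name__ == "__main__":
    for ip, mac in leaked_internal_hosts(SAMPLE_EXTERNAL_CAPTURE, "192.168.10.0/24"):
        print(f"internal address {ip} answered on external segment by {mac}")
```

An empty result for a capture taken while internal addresses are being requested from the external side indicates the device is not answering for internal systems.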
Affected Products:
- SonicWALL Sonic OS 6.2.0.0.0
- SonicWALL Sonic OS 6.3.1.0
- SonicWALL Sonic OS 6.3.1.4
- SonicWALL Sonic OS 6.4.0.0.1
- SonicWALL Sonic OS 6.4.0.0.2
- SonicWALL Sonic OS 6.5.0.0.3
- SonicWALL Sonic OS 6.5.0.0.4