Last year, a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135, was discovered affecting over 800,000 SonicWall VPNs.
When exploited, the vulnerability allows unauthenticated remote attackers to execute arbitrary code on the impacted devices, or cause Denial of Service (DoS).
In actual fact the vulnerability was not properly patched until now. As such a new vulnerability identifier, CVE-2021-20019 has been assigned to the flaw. The vulnerability, tracked as CVE-2020-5135, was present in versions of SonicOS, ran by over 800,000 active SonicWall devices.
The critical buffer overflow vulnerability lets an attacker send a malicious HTTP request to the firewall to cause a Denial of Service (DoS) or execute arbitrary code.