Resolution The work-arounds described above will resolve the vulnerability until a permanent resolution is developed. Sonicwall is working on a fix for this issue that will be available with the release of the next version of SonicWALL firmware. If you require additional assistance with this vulnerability, please visit SonicWALL's Technical Support site at: http://www.customer.mysonicwall.com/ecustomer/start.swe?SWECmd=Login.
The Sonicwall SOHO3 is an Internet security appliance that provides firewall security solutions.
Reportedly, a vulnerability exists in the product that allows for a script injection attack to be launched from a malicious user within the internal LAN.
It is possible to configure Sonicwall to block domains from a list of user entered domains. Sonicwall will deny local users access to the websites that have been blocked. A malicious user may be able to inject script code as part of a URL of a blocked domain. Attempts to access blocked domains will be entered into the log files of Sonicwall. An administrator viewing the log files will automatically cause the malicious script code execute.
If the attacker's script code is injected into the logfile then the administrator will not be able to access the log normally. To regain access to the logs the appliance will need to be rebooted. It should be noted that rebooting the appliance will cause the logs to be cleared and will effectively eliminate any indication in the logs of which user initiated the attack.
It is possible for a malicious remote user to exploit this issue by crafting a URL of a known blocked domain that includes script code, and enticing a local user into following the link.
The script code will redirect a user to a different site.
SonicWALL SOHO3 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate blocked site URIs upon submission to the administrator logs. This could allow a user to create a specially crafted URL that would execute arbitrary code in the administrator's browser when s/he views the log, leading to a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds:
1. Unselect "Blocked Web Sites" from the "Log->Log Settings" tab. Selected sites will continue to be blocked, but no logs will be generated.
2. Disabled Active Scripting in your web browser.