A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has been found to be “botched” The company left a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. SonicWall’s decision to hold back the patch comes amid multiple zero-day disclosures affecting its remote access VPN and email security products that have been exploited in a series of in-the-wild attacks to deploy backdoors and a new strain of ransomware called FIVEHANDS.
Source: https://thehackernews.com/2021/06/sonicwall-left-vpn-flaw-partially.html