SonicOS Host Header Redirection

SonicWall Security Advisory

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

To avoid this vulnerability, follow these steps:

  1. Upgrade the firmware to a fixed version (6.5.4.8-89n, 7.0.1-R1456, etc., or higher).
  2. Enable the option ‘Enforce HTTP Host Header Check’ on the Firewall Administrator page, or use the CLI option configure > administration > enforce-http-host-check.
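
The class of flaw and the host check described above, as an added illustration (not SonicWall code, and not a description of how SonicOS implements the option): a redirect built from the client-supplied Host header, next to one that enforces an allow-list of configured names. The host names, the /login path and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: names under which the management interface is legitimately reached.
ALLOWED_HOSTS = {"fw.example.internal", "192.0.2.1"}
LOGIN_PATH = "/login"  # hypothetical redirect target


def parse_host(host_header):
    """Split a Host header value into (hostname, port); None if malformed."""
    if not host_header or any(c in host_header for c in " \t\r\n/\\@?#"):
        return None
    try:
        parts = urlsplit("//" + host_header)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if not parts.hostname:
        return None
    return parts.hostname.rstrip("."), port


def redirect_unchecked(host_header):
    """Flawed pattern: the Location header echoes whatever Host the client sent."""
    return 302, {"Location": f"https://{host_header}{LOGIN_PATH}"}


def redirect_checked(host_header):
    """Host check enforced: refuse any request whose Host is not a configured name."""
    parsed = parse_host(host_header)
    if parsed is None or parsed[0] not in ALLOWED_HOSTS:
        return 400, {}
    host, port = parsed
    authority = host if port is None else f"{host}:{port}"
    return 302, {"Location": f"https://{authority}{LOGIN_PATH}"}


if __name__ == "__main__":
    # Constructed sample Host values.
    for value in ("fw.example.internal", "FW.example.internal:8443", "attacker.example"):
        print(value, redirect_unchecked(value), redirect_checked(value))
```

The checked variant rebuilds the Location value from the parsed, allow-listed host rather than reusing the raw header, so a value that only resembles a configured name is rejected instead of echoed.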

CVE: CVE-2021-20031
Last updated: March 6, 2024, 2:29 a.m.
