76% of SonicWall firewalls are vulnerable: hackers can disable the networks of thousands of companies around the world

Brother

Customers are left exposed by flaws in SonicWall products.

The information security company Bishop Fox has found that more than 178,000 SonicWall next-generation firewalls (NGFW) whose management interface is reachable from the internet are vulnerable to denial-of-service (DoS) and remote code execution (RCE) attacks.

The devices are affected by two vulnerabilities:
  • CVE-2022-22274 (CVSS score: 9.8): A stack-based buffer overflow in SonicOS, triggered via an HTTP request, allows a remote unauthenticated attacker to cause a denial of service (DoS) or potentially execute code on the firewall.
  • CVE-2023-0656 (CVSS score: 7.5): A stack-based buffer overflow in SonicOS allows a remote unauthenticated attacker to cause a denial of service (DoS) that can crash the affected firewall.
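To make the vulnerability class behind both entries concrete, here is an added illustration (my own example code, not SonicOS source and not anything published by Bishop Fox or SSD Labs): a toy HTTP request-line handler that copies the request-target into a fixed 64-byte stack buffer without checking its length, beside a hardened version that rejects overlong targets before copying. The handler names, the 64-byte buffer size and the constructed "GET /AAAA... HTTP/1.1" request line are all assumptions made for the example and say nothing about how SonicOS actually parses requests.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Size of the fixed stack buffer for the request-target. Assumed for the
 * example; this is an illustration, not SonicWall's code. */
#define PATH_BUF_LEN 64

/* Locate the request-target in an HTTP request line such as "GET /admin HTTP/1.1".
 * Returns a pointer to the first byte of the target and stores its length in *len,
 * or NULL if the line is not of the form "<method> <target> <version>". */
static const char *request_target(const char *line, size_t *len)
{
    const char *start = strchr(line, ' ');
    if (start == NULL)
        return NULL;
    start++;
    const char *end = strchr(start, ' ');
    if (end == NULL)
        return NULL;
    *len = (size_t)(end - start);
    return start;
}

/* VULNERABLE pattern: the request-target is copied into a fixed stack buffer
 * without checking that it fits. A target of PATH_BUF_LEN or more bytes writes
 * past `path` into adjacent stack data (saved registers, return address), which
 * is the crash/DoS or potential code-execution primitive of a stack-based overflow.
 * Returns the length of the copied path, or -1 on a malformed line.
 * Deliberately unsafe: only ever call it with short, trusted input. */
int handle_request_vulnerable(const char *line)
{
    char path[PATH_BUF_LEN];
    size_t len;
    const char *target = request_target(line, &len);
    if (target == NULL)
        return -1;
    memcpy(path, target, len);      /* no bound check on len */
    path[len] = '\0';               /* may also write out of bounds */
    return (int)strlen(path);
}

/* HARDENED version: refuse any request-target that does not fit in the buffer
 * (leaving room for the NUL) before copying. Returns the path length, -1 on a
 * malformed line, or -2 when the target is overlong. */
int handle_request_hardened(const char *line)
{
    char path[PATH_BUF_LEN];
    size_t len;
    const char *target = request_target(line, &len);
    if (target == NULL)
        return -1;
    if (len >= sizeof path)
        return -2;                  /* reject instead of overflowing */
    memcpy(path, target, len);
    path[len] = '\0';
    return (int)strlen(path);
}

/* Build a constructed request line "GET /AAAA...A HTTP/1.1" whose target is
 * 1 + n bytes long and run it through the hardened handler.
 * Returns the handler's result, or -3 if n is too large for the scratch buffer. */
int probe_hardened(size_t n)
{
    char line[4096];
    const char *prefix = "GET /";
    const char *suffix = " HTTP/1.1";
    if (strlen(prefix) + n + strlen(suffix) + 1 > sizeof line)
        return -3;
    char *p = line;
    memcpy(p, prefix, strlen(prefix));
    p += strlen(prefix);
    memset(p, 'A', n);
    p += n;
    memcpy(p, suffix, strlen(suffix) + 1);  /* copies the terminating NUL too */
    return handle_request_hardened(line);
}

int main(void)
{
    printf("vulnerable, short target: %d\n", handle_request_vulnerable("GET /admin HTTP/1.1"));
    printf("hardened,   short target: %d\n", handle_request_hardened("GET /admin HTTP/1.1"));
    printf("hardened,   62 A's      : %d\n", probe_hardened(62));   /* 63-byte target fits */
    printf("hardened,   63 A's      : %d\n", probe_hardened(63));   /* 64-byte target rejected */
    printf("hardened,   500 A's     : %d\n", probe_hardened(500));  /* rejected */
    return 0;
}
```

The demo deliberately feeds the vulnerable handler only a short target: sending it the 500-byte line is exactly the out-of-bounds write the advisories describe, and whether that ends in a crash (the DoS case) or in controlled execution depends on what sits above the buffer on the stack. Building with AddressSanitizer and calling handle_request_vulnerable on the long line shows the overflow immediately.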

Bishop Fox specialists scanned SonicWall firewalls with Internet-accessible management interfaces and found that 76% (178,637 out of 233,984) were vulnerable to one or both problems.

Even if attackers cannot execute code on the target device, they can exploit the vulnerabilities to force it into maintenance mode, which requires an administrator to intervene before normal operation is restored. So even without remote code execution, an attacker can use the flaws to knock out perimeter firewalls and the VPN access to corporate networks that they provide.

Although the SonicWall Product Security Incident Response Team (PSIRT) reports that it is not aware of in-the-wild exploitation of the vulnerabilities, at least one proof-of-concept (PoC) exploit for CVE-2022-22274 is publicly available. SSD Labs published a technical write-up of the bug together with the PoC, noting two URI paths through which the bug can be triggered.

Administrators are advised to make sure that the SonicWall firewall management interface is not exposed to the internet and to update to the latest firmware versions as soon as possible.

SonicWall devices have been exploited before. In March 2023, it emerged that Chinese hackers were exploiting unpatched SonicWall gateways and infecting them with credential-stealing malware that survives firmware updates. And in January 2021, SonicWall reported that attackers had breached the company's internal systems through a zero-day vulnerability in its VPN products.