More than 178,000 SonicWall firewalls exposed over the network are vulnerable to at least two security vulnerabilities that could be exploited to cause a denial of service (DoS) condition and remote code execution (RCE).
Jon Williams, a senior security engineer at Bishop Fox, said in a technical analysis shared with The Hacker News: “The two issues are essentially the same, but can be exploited across different HTTP servers due to the reuse of vulnerable code patterns. Exploited on the URI path.”
The vulnerabilities in question are listed below –
- CVE-2022-22274 (CVSS Rating: 9.4) – A stack-based buffer overflow vulnerability in SonicOS via HTTP requests could allow an unauthenticated remote attacker to cause a DoS or possibly code execution within the firewall.
- CVE-2023-0656 (CVSS Rating: 7.5) – A stack-based buffer overflow vulnerability in SonicOS allows an unauthenticated remote attacker to cause a DoS, potentially leading to a crash.
While there have been no reports of these flaws being exploited in the wild, the SSD Secure Disclosure team released a proof-of-concept (PoC) for CVE-2023-0656 in April 2023.
Cybersecurity firms revealed that these issues could be exploited by bad actors to cause repeated crashes and force devices into maintenance mode, requiring administrative action to restore normal functionality.
“Perhaps most surprising, more than 146,000 publicly accessible devices are vulnerable to a vulnerability released two years ago,” Williams said.
watchTowr Labs has discovered multiple stack-based buffer overflow flaws in the SonicOS management web interface and SSL VPN portal that can cause firewall crashes.
To prevent possible threats, it is recommended to update to the latest version and ensure that the management interface is not exposed on the network.
