01.16.2024

SonicWall – SonicOS Unauthenticated Stack-Based Buffer Overflow Vulnerability

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 01/16/2024

Action Level - High

Description

MCNC would like to alert you regarding a vulnerability affecting SonicWall Firewalls. A Stack-based buffer overflow vulnerability in the SonicOS via a HTTP request, allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution on the firewall. Currently over 178,000 SonicWall devices are impacted by this vulnerability; vulnerability details can be found here CVE-2022-22274 (Risk Score: 9.4) and here CVE-2023-0656 (Risk Score: 7.5)

NB:  This vulnerability currently ONLY impacts the "web management" interface, the SonicOS SSLVPN interface is not impacted.

Exploit scripts have just started to be found on github and using these scripts is relatively easy. A great example of how the buffer-overflow vulnerability works can be found here, CVE-2022-22274_CVE-2023-0656.

Fixed Versions

  • For CVE-2022-22274 
ProductImpacted PlatformsImpacted VersionFixed Version
SonicWall FireWallsTZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570,TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700,
NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700,NSv 270, NSv 470, NSv 870
7.0.1-5050 and earlier7.0.1-5051 and higher
SonicWall NSsp FirewallNSsp 157007.0.1-R579 and earlierMid-April (Hotfix build 7.0.1-5030-HF-R844)
SonicWall NSv FirewallsNSv 10, NSv 25, NSv 50, Nsv 100, NSv 200,NSv, 300, NSv 400, NSv 800, NSv 16006.5.4.4-44v-21-1452 and earlier6.5.4.4-44v-21-1519 and higher
  • For CVE-2023-0656
ProductImpacted PlatformsImpacted VersionFixed Version
SonicWall FireWallsTZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570,TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700,
NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700,NSv 270, NSv 470, NSv 870
7.0.1-5095 and earlier7.0.1-5111 and higher
SonicWall NSsp FirewallNSsp 157007.0.1-5083 and earlierPlease contact SonicWall support for the Hotfix build.
SonicWall NSv FirewallsNSv 10, NSv 25, NSv 50, Nsv 100, NSv 200,NSv, 300, NSv 400, NSv 800, NSv 16006.5.4.4-44v-21-1551 and earlierGen6 NSv - 6.5.4.4-44v-21-2079 and higher

Attack Vector

An attacker with access to a vulnerable system via TCP 80/443.

Attack Feasibility 

Proof of concept code for this exploit has been released, and active exploitation is likely in the very near future. Proof of concept can be found here.

Mitigation/Remediation

Immediately update your SonicWall firewall to a fixed/secure version.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC