Critical Vulnerability: 178,000 SonicWall Firewalls at Risk of DoS and RCE


Recent research reveals a substantial number of vulnerable SonicWall firewall instances susceptible to remote code execution (RCE) and DoS attacks. Regrettably, no official patches are currently available, compelling clients to explore workarounds.

All About the Vulnerability – SonicWall Firewalls

Two primary vulnerabilities, identified as CVE-2022-22274 and CVE-2023-0656, are stack-based buffer overflow issues impacting SonicWall’s series 6 and 7 next-generation firewall (NGFW) devices. CVE-2022-22274 was disclosed in March 2022, while CVE-2023-0656 surfaced a year later in March 2023. The severity of these vulnerabilities, particularly CVE-2022-22274 with a CVSS score of 9.4, is critical and should not be underestimated.

In both cases, the vulnerabilities stem from insufficient input validation of HTTP requests received by the firewall. This lack of validation enables attackers to send malicious requests that the firewall cannot properly handle, resulting in a buffer overflow.

Additionally, these vulnerabilities can be exploited only when the management interfaces of SonicWall devices are exposed to the internet. This exposure heightens the risk of attacks, as it gives remote, unauthenticated attackers the opportunity to exploit the vulnerabilities.

Bishop Fox, a cybersecurity firm, found that out of 233,984 scanned SonicWall devices with internet-facing control interfaces, 76% were susceptible to at least one vulnerability, and 62% were vulnerable to both bugs. Notably, these 146,087 devices are at risk due to a vulnerability publicly disclosed nearly two years ago.

VULNERABILITY CONSEQUENCES

The high number of vulnerable firewalls is concerning, especially considering SonicWall’s extensive customer base of over 500,000 businesses in 215+ countries. The identified vulnerabilities in 178,000+ SonicWall firewalls can lead to severe consequences.

| Devices Vulnerable To | Count | Percent of Total |
|---|---|---|
| CVE-2022-22274 | 146,116 | 62% |
| CVE-2023-0656 | 178,608 | 76% |
| Both CVEs | 146,087 | 62% |
| At least one CVE | 178,637 | 76% |

MITIGATION

  1. Regular Review and Update:
    • Review and update firewall rules and security policies consistently.
  2. Port and Service Management:
    • Ensure only necessary ports and services are open and accessible.
  3. Intrusion Detection and Prevention:
    • Utilize IDS and IPS to monitor network traffic, identify suspicious activities, and block malicious traffic.
  4. Security Audits and Vulnerability Assessments:
    • Conduct regular security audits and vulnerability assessments for network devices.
  5. Network Segmentation:
    • Implement network segmentation to restrict the spread of attacks within the network.
  6. Expert Consultation:
    • Consult cybersecurity experts for advice on network protection and ensure effective implementation of mitigation strategies.
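
An added example, not from the original article or from SonicWall: because both flaws are reachable only when the management interface is exposed to the internet, this Python audit walks a rule list and reports WAN rules that leave a management port open to broad sources. The rule format, zone names, management port list, sample rules and the `max_hosts` threshold are assumptions made for illustration.

```python
"""Flag rules that leave a firewall's management interface open to the internet."""
import ipaddress

MGMT_PORTS = {80: "HTTP", 443: "HTTPS", 22: "SSH"}  # assumed management ports

# Constructed sample in a hypothetical normalized format, first match wins:
# (action, from_zone, source, destination, port); "self" is the firewall itself.
SAMPLE_RULES = [
    ("allow", "LAN", "10.0.0.0/8", "self", 443),
    ("deny", "WAN", "any", "self", 22),
    ("allow", "WAN", "any", "self", 22),               # shadowed by the deny above
    ("allow", "WAN", "198.51.100.7/32", "self", 443),  # single admin host
    ("allow", "WAN", "any", "self", 443),              # management open to everyone
    ("allow", "WAN", "any", "10.0.5.20", 443),         # published server, not management
]


def to_network(source):
    """Parse a rule source; the keyword "any" means the whole IPv4 internet."""
    return ipaddress.ip_network("0.0.0.0/0" if source == "any" else source)


def exposed_mgmt_rules(rules, max_hosts=16):
    """Return (rule index, service, source) for each WAN allow rule that opens a
    management port on the firewall to more than max_hosts addresses and is not
    fully covered by an earlier deny for the same port."""
    findings, earlier_denies = [], []
    for index, (action, zone, source, dest, port) in enumerate(rules):
        if zone != "WAN" or dest != "self" or port not in MGMT_PORTS:
            continue  # not internet-to-management traffic
        src = to_network(source)
        if action == "deny":
            earlier_denies.append((port, src))
            continue
        shadowed = any(p == port and src.subnet_of(d) for p, d in earlier_denies)
        if not shadowed and src.num_addresses > max_hosts:
            findings.append((index, MGMT_PORTS[port], str(src)))
    return findings


if __name__ == "__main__":
    for index, service, source in exposed_mgmt_rules(SAMPLE_RULES):
        print(f"rule {index}: {service} management reachable from {source}")
```

A rule that is only partly covered by an earlier deny is still reported, so findings err on the side of review.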


Published January 19th, 2024

About the Author:

FirstHackersNews- Identifies Security
