SonicWall firewall admins urged to update to prevent devices from being compromised

Share post:

Network administrators with two models of SonicWall firewalls in their environments are being urged take action to prevent the devices from possibly being compromised.

The warning comes from researchers at Bishop Fox, an Arizona-based cybersecurity company, which says over 178,000 series 6 and series 7 next-generation firewalls could be in danger.

The problem is in unauthenticated denial-of-service vulnerabilities announced last year and in 2022, patches for which have already been issued. No exploitation has been seen in the wild since.

However, the researchers say a proof-of-concept exploit for the 2023 vulnerability has publicly been released.

“Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” the researchers said Monday.

SonicWall firewalls at risk are ones with management interfaces exposed to the internet, the report says.

“The impact of a widespread attack could be severe,” say the researchers. “In its default configuration, SonicOS restarts after a crash, but after three crashes in a short period of time it boots into maintenance mode and requires administrative action to restore normal functionality. The latest available firmware protects against both vulnerabilities, so be sure to upgrade immediately (and make sure the management interface isn’t exposed to the internet).

The two vulnerabilities are CVE-2022-22274, an unauthenticated buffer overflow affecting the firewalls’ web management interfaces, and CVE-2023-0656, a stack-based buffer overflow vulnerability in the SonicOS that could allow a remote unauthenticated attacker to cause Denial of Service (DoS), which could then cause an impacted firewall to crash.

Looking into the bugs, the Bishop Fox researchers found that CVE-2022-22274 was caused by the same vulnerable code pattern as  CVE-2023-0656 — but in a different place —  and exploitable at different HTTP URI paths. That makes exploitation easy.

Admins are urged to see if they have an exploitable device. If so, the web management interface should be detached from the internet, after which the firmware should be upgraded to the latest version.

“At this point in time, an attacker can easily cause a denial of service using this exploit,” note the researchers, “but as SonicWall noted in its advisories, a potential for remote code execution exists. While it may be possible to devise an exploit that can execute arbitrary commands, additional research is needed to overcome several challenges …

“Perhaps a bigger challenge for an attacker is determining in advance what firmware and hardware versions a particular target is using, as the exploit must be tailored to these parameters. Since no technique is currently known for remotely fingerprinting SonicWall firewalls, the likelihood of attackers leveraging RCE is, in our estimation, still low. Regardless, taking the appropriate precautions to secure your devices will ensure they don’t fall victim to a potentially painful DoS attack.”

The post SonicWall firewall admins urged to update to prevent devices from being compromised first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways