Home > Cyber News > CVE-2022-22274 SonicWall Vulnerability Could Cause RCE, DoS Attacks
CYBER NEWS

CVE-2022-22274 SonicWall Vulnerability Could Cause RCE, DoS Attacks

CVE-2022-22274 SonicWall Vulnerability Could Cause RCE, DoS Attacks

There’s a new SonicWall vulnerability, identified as CVE-2022-22274. The vulnerability is critical, and resides in multiple firewall appliances. If weaponized, remote threat actors could perform arbitrary code execution and cause a denial-of-service (DoS) condition.




CVE-2022-22274 SonicWall Vulnerability: Technical Description

According to the official advisory, the vulnerability is an unauthenticated stack-based buffer overflow issue in SonicOS, rated 9.4 out of 10 on the CVSS scale.

More specifically, the issue is located in the web management interface of SonicOS that could be triggered by sensing a specially crafted HTTP request. If this happens, a remote code execution or denial-of-service condition appears.

There isn’t any indication of active exploitation CVE-2022-22274, SonicWall PSIRT said in the advisory. There are no reports of a PoC (proof-of-concept), and there are no reports of malicious use.

However, the organization urges organizations using impacted SonicWall firewalls to limit SonicOS management access to trusted sources. Another option is disabling management access from untrusted internet sources, which could be done by modifying the existing SonicOS Management access rules (SSH/HTTPS/HTTP Management). This workaround should be done until patches are made available.

Please note that the CVE-2022-22274 vulnerability only affects the web management interface, with SonicOS SSLVPN interface not impacted. Find out which devices are impacted in the official advisory.

SonicWall Zero-Day Fixed Earlier This Year

Earlier this year, in February, SonicWall reported a zero-day vulnerability that was exploited in the wild.
The firm has analyzed reports from their customers regarding the compromised SMA 100 series networking devices.

“In these cases, we have so far only observed the use of previously stolen credentials to log into the SMA devices,” the team said. The attacks were connected to the increased remote work during the pandemic, leading to “inappropriate access” attempts.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...