There’s a new SonicWall vulnerability, identified as CVE-2022-22274. The vulnerability is critical, and resides in multiple firewall appliances. If weaponized, remote threat actors could perform arbitrary code execution and cause a denial-of-service (DoS) condition.
CVE-2022-22274 SonicWall Vulnerability: Technical Description
According to the official advisory, the vulnerability is an unauthenticated stack-based buffer overflow issue in SonicOS, rated 9.4 out of 10 on the CVSS scale.
More specifically, the issue is located in the web management interface of SonicOS that could be triggered by sensing a specially crafted HTTP request. If this happens, a remote code execution or denial-of-service condition appears.
There isn’t any indication of active exploitation CVE-2022-22274, SonicWall PSIRT said in the advisory. There are no reports of a PoC (proof-of-concept), and there are no reports of malicious use.
However, the organization urges organizations using impacted SonicWall firewalls to limit SonicOS management access to trusted sources. Another option is disabling management access from untrusted internet sources, which could be done by modifying the existing SonicOS Management access rules (SSH/HTTPS/HTTP Management). This workaround should be done until patches are made available.
Please note that the CVE-2022-22274 vulnerability only affects the web management interface, with SonicOS SSLVPN interface not impacted. Find out which devices are impacted in the official advisory.
SonicWall Zero-Day Fixed Earlier This Year
Earlier this year, in February, SonicWall reported a zero-day vulnerability that was exploited in the wild.
The firm has analyzed reports from their customers regarding the compromised SMA 100 series networking devices.
“In these cases, we have so far only observed the use of previously stolen credentials to log into the SMA devices,” the team said. The attacks were connected to the increased remote work during the pandemic, leading to “inappropriate access” attempts.