
Critical SonicWall Firewall Patch Not Released for All Devices

Security hardware manufacturer SonicWall has fixed a critical vulnerability in the SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE).

The security flaw is a stack-based buffer overflow with a CVSS severity score of 9.4 that affects multiple SonicWall firewall product lines.

Tracked as CVE-2022-22274, the bug affects TZ Series entry-level desktop form factor next-generation firewalls (NGFW) for small- and medium-sized businesses (SMBs), Network Security Virtual (NSv series) firewalls designed to secure the cloud, and Network Security services platform (NSsp) high-end firewalls.

Analyst comments:
According to the security advisory published by SonicWall, unauthenticated attackers can exploit the flaw remotely via HTTP requests; the attack is of low complexity and requires no user interaction.

At the time of this writing, SonicWall's Product Security Incident Response Team (PSIRT) has stated that it is not aware of active exploitation in the wild. No proof-of-concept exploit has been made public, and no malicious use of this vulnerability has been reported to SonicWall.

Although SonicWall has released patches for most of the impacted SonicOS versions and firewalls, one firewall is still awaiting a patch for the stack-based buffer overflow: the NSsp 15700 running version 7.0.1-R579 and earlier. SonicWall expects an official firmware version with the necessary patches for the NSsp 15700 to be available in mid-April 2022. In the meantime, customers using this firewall can contact the SonicWall support team for a hotfix firmware update (5030-HF-R844).
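To turn the "7.0.1-R579 and earlier" threshold into a fleet check, the following added example (not SonicWall code) parses SonicOS release strings of the form major.minor.patch-Rbuild and classifies NSsp 15700 entries from a constructed inventory. The hotfix label 5030-HF-R844 does not follow the release format, so it is matched literally rather than compared; anything newer than R579 is flagged for manual verification against the advisory, since the page only states that the official fixed firmware is expected in mid-April 2022. Hostnames, models other than the NSsp 15700 and all inventory lines are constructed for illustration.

```python
"""Triage a constructed SonicOS firmware inventory against the NSsp 15700
threshold ("7.0.1-R579 and earlier"). Added example, not SonicWall code."""
import re
from typing import NamedTuple, Optional

# NSsp 15700: releases up to and including 7.0.1-R579 are awaiting the patch.
NSSP_15700_LAST_UNPATCHED = "7.0.1-R579"
# Hotfix build that SonicWall support can provide in the meantime.
NSSP_15700_HOTFIX = "5030-HF-R844"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-R(\d+)$")


class SonicOSVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int


def parse_version(text: str) -> Optional[SonicOSVersion]:
    """Parse 'major.minor.patch-Rbuild'; return None for anything else
    (a hotfix label such as 5030-HF-R844 is not a release string)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return SonicOSVersion(*(int(g) for g in m.groups()))


def nssp15700_status(firmware: str) -> str:
    """Classify one NSsp 15700 firmware string."""
    if firmware.strip() == NSSP_15700_HOTFIX:
        return "hotfix-applied"
    v = parse_version(firmware)
    if v is None:
        return "unknown-format"
    # Tuple comparison is lexicographic: major, minor, patch, then build.
    if v <= parse_version(NSSP_15700_LAST_UNPATCHED):
        return "unpatched"
    # Newer than R579: verify against the advisory before calling it fixed.
    return "newer-than-R579"


# Constructed inventory (hostname,model,firmware); these are not real devices.
INVENTORY = """\
fw-edge-01,NSsp 15700,7.0.1-R579
fw-edge-02,NSsp 15700,7.0.1-R500
fw-edge-03,NSsp 15700,5030-HF-R844
fw-edge-04,NSsp 15700,7.0.1-R600
fw-branch-01,TZ 370,7.0.1-R579
"""


def triage(inventory: str) -> dict:
    """Return hostname -> status for NSsp 15700 devices only; other models are
    skipped because this block encodes only the NSsp 15700 threshold."""
    result = {}
    for line in inventory.splitlines():
        host, model, fw = (field.strip() for field in line.split(","))
        if model == "NSsp 15700":
            result[host] = nssp15700_status(fw)
    return result


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Because the comparison is on the parsed tuple rather than on the string, an older release such as 6.x is correctly treated as "earlier" even though it sorts after "5030-HF-R844" alphabetically.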

Mitigation:
Until the patches can be applied, SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources, and/or disable management access from untrusted internet sources, by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP) so that management access is permitted only from trusted source IP addresses.
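The mitigation above is a source-restriction on the management rules, and the following added example models it as a small first-match policy evaluator so the weak state (management open to any source) can be compared with the corrected state (only trusted management networks allowed). This is generic illustration code written for this article, not SonicOS configuration syntax or a SonicWall tool; the trusted ranges are constructed RFC 1918 networks and the probe address is an RFC 5737 documentation address standing in for an untrusted Internet host.

```python
"""Model of the recommended mitigation: management access rules for
SSH/HTTPS/HTTP that admit only trusted source addresses. Added example,
not SonicOS syntax."""
import ipaddress
from typing import Iterable, List, NamedTuple

# Management services named in the advisory, with their usual TCP ports.
MGMT_SERVICES = {"ssh": 22, "https": 443, "http": 80}


class Rule(NamedTuple):
    service: str        # "ssh", "https" or "http"
    sources: List[str]  # allowed source CIDRs; "0.0.0.0/0" means any source
    action: str         # "allow" or "deny"


def _matches(rule: Rule, src_ip: str) -> bool:
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in rule.sources)


def evaluate(rules: Iterable[Rule], service: str, src_ip: str) -> str:
    """First-match evaluation; anything no rule matches is implicitly denied."""
    for rule in rules:
        if rule.service == service and _matches(rule, src_ip):
            return rule.action
    return "deny"


def exposed_services(rules: Iterable[Rule], probe_ip: str = "203.0.113.10") -> List[str]:
    """Management services an untrusted address could reach. The default probe
    is a TEST-NET-3 address (RFC 5737), i.e. 'somewhere on the Internet'."""
    rules = list(rules)
    return [svc for svc in MGMT_SERVICES if evaluate(rules, svc, probe_ip) == "allow"]


# Weak state: every management service reachable from any source.
WEAK_RULES = [Rule(svc, ["0.0.0.0/0"], "allow") for svc in MGMT_SERVICES]

# Corrected state: only trusted management networks (constructed RFC 1918
# ranges) are allowed; everything else falls through to the implicit deny.
TRUSTED_MGMT = ["10.0.10.0/24", "192.168.100.5/32"]
HARDENED_RULES = [Rule(svc, TRUSTED_MGMT, "allow") for svc in MGMT_SERVICES]


if __name__ == "__main__":
    print("weak     exposed to Internet:", exposed_services(WEAK_RULES))
    print("hardened exposed to Internet:", exposed_services(HARDENED_RULES))
    print("admin host 10.0.10.7 via https:", evaluate(HARDENED_RULES, "https", "10.0.10.7"))
```

The useful property to verify after the change is the empty list from exposed_services on the hardened rule set: it shows that none of the three management services answers to a source outside the trusted ranges, while a host inside those ranges is still allowed in.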
