Network administrators warned of vulnerabilities in SonicWall series 6 and 7 firewalls. Unauthenticated exploits could lead to severe consequences. (IT World Canada)


January 17, 2024

Network administrators using SonicWall firewalls, specifically the series 6 and series 7 models, have received a warning to take precautionary measures against potential compromises, according to cybersecurity researchers at Bishop Fox, an Arizona-based cybersecurity company. The concern revolves around unauthenticated denial-of-service vulnerabilities that were disclosed in 2022 and 2023, both of which have received patches.

While there haven't been any reported exploits in the wild for the vulnerabilities disclosed in 2022 and 2022, researchers note that a proof-of-concept exploit for the 2023 vulnerability has been publicly released. The researchers highlight that the two issues share a fundamental similarity but are exploitable at different HTTP URI paths due to the reuse of a vulnerable code pattern.

The identified SonicWall firewalls at risk are those with exposed management interfaces to the internet. The potential impact of a widespread attack is deemed severe by the researchers. In the default configuration, SonicOS restarts after a crash, but after three crashes in a short timeframe, it enters maintenance mode, requiring administrative action for restoration. Upgrading to the latest firmware is crucial for protection against both vulnerabilities, and administrators are advised to ensure that the management interface is not exposed to the internet.

The two vulnerabilities in question are CVE-2022-22274, an unauthenticated buffer overflow affecting the web management interfaces, and CVE-2023-0656, a stack-based buffer overflow vulnerability in SonicOS, capable of causing Denial of Service (DoS) by a remote unauthenticated attacker. This could result in the impacted firewall crashing.

Upon examining the vulnerabilities, Bishop Fox researchers discovered that CVE-2022-22274 and CVE-2023-0656 share the same vulnerable code pattern but are located in different places, making exploitation relatively straightforward. Administrators are strongly encouraged to assess if their devices are exploitable and, if so, detach the web management interface from the internet. Additionally, upgrading the firmware to the latest version is emphasized as a crucial step.

The researchers point out that, currently, an attacker can easily cause a denial of service using the exploit. While the potential for remote code execution exists, SonicWall advisories note that devising an exploit for arbitrary commands may pose challenges and require further research. Furthermore, determining the specific firmware and hardware versions of a target presents a hurdle for attackers, as there is currently no known technique for remotely fingerprinting SonicWall firewalls. Despite this, the researchers stress the importance of taking appropriate precautions to secure devices and prevent potential DoS attacks.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

You may also like

EV Interest Dips Among Canadians for Third Year Straight

A recent AutoTrader survey reveals that interest in electric vehicles (EVs) among Canadians is steadily declining, despite a noticeable drop....

Nations Boost Digital Defences as Cyber Threats Grow

In a troubling sign of the times, hackers backed by Russia’s government infiltrated a water facility in the small Texas....

Google to Challenge Part of US Court's Ruling in Monopoly Case

Google, part of Alphabet Inc., has announced plans to appeal a portion of the recent court ruling in the ongoing....

Google Faces £5B UK Lawsuit Over Search Engine Control

Google is now facing a massive £5 billion lawsuit in the United Kingdom, accusing the tech giant of using its....

Meta CEO Zuckerberg eyed Instagram split in 2018, email reveals

According to an internal email revealed during an ongoing antitrust trial, Meta CEO Mark Zuckerberg considered splitting Instagram from Facebook....

Meta’s Monopoly Trial Begins: What’s at Stake for Instagram and WhatsApp

In a major legal showdown, Meta CEO Mark Zuckerberg appeared in court on Monday as part of a historic antitrust....

 Future Legislation Must Address AI’s Role in News Compensation

As the media landscape evolves, researchers in Canada suggest future laws aimed at balancing the power between tech giants and....

Ireland Investigates Musk’s X Over AI Data Collection Practices

Ireland’s Data Protection Commission (DPC) has launched a formal investigation into Elon Musk’s platform X, formerly known as Twitter, over....

Google Cuts Prices for U.S. Government to Compete with Microsoft

In a bold move to expand its presence in the public sector, Google is now offering deep discounts on its....

Alphabet Sticks to $75B Spending Plan Amid Tariff Concerns

Alphabet, the parent company of Google, has confirmed its decision to invest a staggering $75 billion in 2025, mainly to....

TSMC Faces Over $1B Fine Over Huawei Chip Link: US Probe

Taiwan’s leading chipmaker, TSMC, may be hit with a fine of over $1 billion after a U.S. investigation revealed one....

Shopify CEO: AI Skills Now a Must for All Employees

Shopify is taking artificial intelligence more seriously than ever before. In a recent internal memo, CEO Tobi Lütke told employees....