TT-CSIRT – 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 and CVE-2022-22274

TT-CSIRT – 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 and CVE-2022-22274

Severity: Critical

Overview:

SonicWall Firewalls CVE-2022-22274 and CVE-2023-0656 have CVSS score of 9.4 and 7.5 respectively. A proof-of-concept has been published therefore the vulnerabilities are more susceptible to exploitation.

Affected Systems:

Various SonicWall devices, including TZ series, NSa models, NSsp series, and NSv models, are susceptible to the mentioned vulnerabilities.

Description:

Over 178,000 SonicWall firewalls exposed on the internet are vulnerable to security flaws that could result in denial of service (DoS) and remote code execution (RCE). The vulnerabilities, identified as CVE-2022-22274 with a CVSS score of 9.4, involve a stack-based buffer overflow in SonicOS via HTTP requests, which allows a remote, unauthenticated attacker to cause a DoS or potentially execute code on the firewall.

Similarly, CVE-2023-0656 is a Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Recommendations:

To patch the Buffer Overflow Vulnerability, upgrade to the latest SonicOS or firmware versions.

If patching cannot be performed at this point in time, SonicWall’s PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) by modifying the existing SonicOS Management access rules (SSH/HTTPS/HTTP Management). This will only allow management access from trusted source IP addresses.

References:

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
• https://thehackernews.com/2024/01/alert-over-178000-sonicwall-firewalls.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22274
• https://nvd.nist.gov/vuln/detail/CVE-2022-22274
• https://thesecmaster.com/how-to-fix-cve-2022-22274-a-critical-buffer-overflow-vulnerability-in-sonicos-sonicwall-firewall/#:~:text=What%20is%20this%3F-,How%20To%20Fix%20CVE%2D2022%2D22274%2D%20A%20Critical%20Buffer,earlier%20should%20upgrade%20to%207.0.

Contact Information:

If you have any queries, comments or require assistance, please feel free to contact the TT-CSIRT via contacts@ttcsirt.gov.tt