SonicWall Firewalls vulnerability

Nearly 180,000 SonicWall Firewalls exposed on the Internet are vulnerable to at least one of these CVEs

According to the latest study by The Hacker News, over 178,000 SonicWall firewalls exposed on the Internet are vulnerable to at least one of two security flaws that could potentially be exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). These vulnerabilities impact the next-generation SonicWall Series 6 and 7 devices. Let’s delve into the details of these two flaws:

  1. CVE-2022-22274 (CVSS score: 9.4): A stack-based buffer overflow vulnerability in SonicOS via an HTTP request allows a remote, unauthenticated attacker to trigger DoS or possibly execute code on the firewall.
  2. CVE-2023-0656 (CVSS score: 7.5): Another stack-based buffer overflow vulnerability in SonicOS enables a remote, unauthenticated attacker to cause DoS, potentially resulting in firewall lockup.

While there are no reports of active exploitation of these flaws in the wild, a proof-of-concept (PoC) for CVE-2023-0656 has been published. Bishop Fox, a cybersecurity firm, warns that malicious actors could leverage these vulnerabilities to trigger repeated lockups and force the device into maintenance mode, requiring administrative action to restore normal functionality. To safeguard against potential threats, it is advisable to update to the latest version and ensure that the management interface is not exposed to the Internet.

How to know if your SonicWall firewall is vulnerable.

To check if your SonicWall firewall is vulnerable, follow these steps:

  1. Verify your firewall model and version: Make sure you know the specific model and SonicOS version you are using.
  2. Check security advisories: Visit the official SonicWall website or search online to see if there are specific security alerts for your firewall model. Look for information related to vulnerabilities CVE-2022-22274 and CVE-2023-0656.
  3. Update to the latest version: If your firewall is affected by these vulnerabilities, upgrade to the latest SonicOS version. Security updates often include fixes for known vulnerabilities.
  4. Assess Internet exposure: Ensure that the management interface of your firewall is not directly exposed to the Internet. If possible, configure firewall rules to limit access to the management interface from specific locations.
  5. Perform a security scan: Use security scanning tools to check if your firewall exhibits signs of the known vulnerabilities. This may involve port scans and penetration testing.

How to mitigate this threat?

Update your SonicWall firmware.

To update the firmware of your SonicWall firewall, follow these steps:

  1. Verify your firewall model and version: Make sure you know the specific model and SonicOS version you are using.
  2. Check security advisories: Visit the official SonicWall website or search online to see if there are specific security alerts for your firewall model. Look for information related to vulnerabilities CVE-2022-22274 and CVE-2023-0656.
  3. Back up your settings:
    • Click Device in the top navigation menu.
    • Navigate to Settings | Firmware and Settings.
    • Select the Import/Export Configuration option and save the .EXP file to a safe location.
    • On the same page, click Create Backup | Local Backup to save a copy of the existing settings to the SonicWall’s non-volatile memory.
    • CAUTION: Ensure you are satisfied with the state of your settings before creating a backup. A SonicWall can only hold one backup image at a time, so creating one will erase any existing versions.
  4. Download and import the new firmware:
    • Go to MySonicWall.com and log in with the account your SonicWall is registered to.
    • Click Product Management | My Products and locate the device you want to update.
    • Click the device’s serial number and select the Firmware icon to access the available firmware version.
    • The current firmware version will be displayed. Scroll down and select Browse All Firmware to see all available versions.
    • Explore the versions and click the download button next to the .SIG file you wish to download.
    • SonicOS firmware has the following designations:
      • General Release: Widely deployed and proven software suitable for typical use cases. It is the choice for reliability in production environments.
      • Feature Release: Introduces major new features and has undergone thorough engineering, quality, alpha, and beta test cycles. It may become a General Release after meeting maturity criteria. Refer to the release notes for major features.
      • Maintenance Release: Includes bug fixes and enhancements for previous versions.
  5. Verify Internet Exposure:
    • Ensure that the management interface of your firewall is not directly exposed to the Internet.
    • Configure firewall rules to limit access to the management interface from specific locations.
  6. Conduct a Security Scan:
    • Use security scanning tools to check if your firewall exhibits signs of the known vulnerabilities. This may involve port scans and penetration testing.

Remember to keep your firewall updated and follow security best practices to protect your systems and data. If you have questions or need further assistance, consider consulting with a cybersecurity professional or reaching out to SonicWall support.

CVE-2022-22274 – Affected Products

| Impacted Platforms | Impacted Version |
|---|---|
| TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 | 7.0.1-5050 and older |
| NSsp 15700 | 7.0.1-R579 and older |
| NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1452 and earlier |

CVE-2022-22274 – SonicWall Fixed Software

| Product | Impacted Platforms | Impacted Version | Fixed Version |
|---|---|---|---|
| SonicWall FireWalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 | 7.0.1-5050 and earlier | 7.0.1-5051 and higher |
| SonicWall NSsp Firewall | NSsp 15700 | 7.0.1-R579 and earlier | Mid-April (Hotfix build 7.0.1-5030-HF-R844) |
| SonicWall NSv Firewalls | NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1452 and earlier | 6.5.4.4-44v-21-1519 and higher |

CVE-2023-0656 – Affected Products

| Impacted Platforms | Impacted Version |
|---|---|
| TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 | 7.0.1-5095 and earlier versions |
| NSsp 15700 | 7.0.1-5083 and earlier versions |
| NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1551 and earlier versions |

CVE-2023-0656 – SonicWall Fixed Software

| Product | Impacted Platforms | Impacted Version | Fixed Version |
|---|---|---|---|
| SonicWall FireWalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 | 7.0.1-5095 and earlier | 7.0.1-5111 and higher |
| SonicWall NSsp Firewall | NSsp 15700 | 7.0.1-5083 and earlier | Please contact SonicWall support for the Hotfix build. |
| SonicWall NSv Firewalls | NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1551 and earlier | Gen6 NSv – 6.5.4.4-44v-21-2079 and higher |
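
The version thresholds in the tables above can be turned into a triage check for a firewall inventory; the following is an added example, not code from SonicWall or from the original article. The function names and the sample inventory are constructed for illustration, and anything the tables do not cover with a plain numeric build (such as the NSsp 15700 hotfix builds) is reported as "manual review" rather than guessed.

```python
import re

# Thresholds copied from the tables on this page:
# family -> (release train, {CVE: (last affected build, first fixed build)})
THRESHOLDS = {
    "gen7": ("7.0.1", {"CVE-2022-22274": (5050, 5051),
                       "CVE-2023-0656": (5095, 5111)}),
    "nsv6": ("6.5.4.4-44v-21", {"CVE-2022-22274": (1452, 1519),
                                "CVE-2023-0656": (1551, 2079)}),
}
GEN7 = set("TZ270 TZ270W TZ370 TZ370W TZ470 TZ470W TZ570 TZ570W TZ570P TZ670 "
           "NSA2700 NSA3700 NSA4700 NSA5700 NSA6700 NSSP10700 NSSP11700 "
           "NSSP13700 NSV270 NSV470 NSV870".split())
NSV6 = set("NSV10 NSV25 NSV50 NSV100 NSV200 NSV300 NSV400 NSV800 NSV1600".split())
CVES = ("CVE-2022-22274", "CVE-2023-0656")


def family(model):
    """Map a model name to a table row; None means no numeric threshold."""
    key = re.sub(r"\s+", "", model).upper()
    if key in GEN7:
        return "gen7"
    if key in NSV6:
        return "nsv6"
    return None  # NSsp 15700 (R-numbered/hotfix builds) and unlisted models


def assess(model, version):
    """Return {CVE: 'affected' | 'fixed' | 'manual review'}."""
    fam = family(model)
    if fam is None:
        return {cve: "manual review" for cve in CVES}
    train, limits = THRESHOLDS[fam]
    match = re.fullmatch(re.escape(train) + r"-(\d+)", version.strip())
    if not match:  # other release train or hotfix naming: do not guess
        return {cve: "manual review" for cve in CVES}
    build = int(match.group(1))
    result = {}
    for cve, (last_affected, first_fixed) in limits.items():
        if build <= last_affected:
            result[cve] = "affected"
        elif build >= first_fixed:
            result[cve] = "fixed"
        else:  # build falls between the two values the tables give
            result[cve] = "manual review"
    return result


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    for model, version in [("TZ 470", "7.0.1-5050"), ("NSa 2700", "7.0.1-5080"),
                           ("NSv 200", "6.5.4.4-44v-21-2079"),
                           ("NSsp 15700", "7.0.1-5083")]:
        print(model, version, assess(model, version))
```

A "manual review" result means the page gives no threshold for that model or build string, so the SonicWall advisory for the device should be consulted directly.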
