Over 178,000 SonicWall firewalls vulnerable to RCE, DoS attacks

January 15, 2024 at 01:34PM

Security researchers discovered that more than 178,000 SonicWall firewalls with exposed online management interfaces are vulnerable to denial-of-service and remote code execution attacks. These vulnerabilities affect a large number of appliances and can lead to serious security risks. Users are advised to take measures to protect their devices from these potential exploits.

Summary:

– Security researchers have found that over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and remote code execution (RCE) attacks.
– The vulnerabilities are tracked as CVE-2022-22274 and CVE-2023-0656, with 76% of exposed firewalls being vulnerable to one or both issues.
– The two vulnerabilities are essentially the same, caused by reuse of the same vulnerable code pattern, but are exploitable at different HTTP URI paths.
– Attackers can exploit the vulnerabilities to force firewalls into maintenance mode, disabling edge firewalls and VPN access to corporate networks.
– More than 500,000 SonicWall firewalls are currently exposed online, with over 328,000 in the United States.
– While SonicWall PSIRT has no knowledge of these vulnerabilities being exploited in the wild, at least one proof-of-concept (PoC) exploit is available for CVE-2022-22274.
– Admins are advised to ensure that the management interface of NGFW appliances is not exposed online and to upgrade to the latest firmware versions as soon as possible.
– SonicWall’s appliances have been targeted in cyber-espionage attacks and by multiple ransomware gangs in the past.
