January 16, 2024 at 08:21AM
Security researchers have found that over 178,000 SonicWall next-generation firewalls (NGFW) with management interfaces exposed online are vulnerable to denial-of-service (DoS) and potentially remote code execution (RCE) attacks. The vulnerabilities could affect a significant number of SonicWall devices and may pose a serious threat to corporate networks, so affected appliances need immediate attention.
In summary, security researchers have discovered that over 178,000 SonicWall next-generation firewalls with exposed management interfaces are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. The vulnerabilities are tracked as CVE-2022-22274 and CVE-2023-0656, and both are caused by reuse of the same vulnerable code pattern. Although the vendor initially claimed there were no exploits available, it was discovered that an exploit was available for CVE-2022-22274. SonicWall PSIRT has no knowledge of these vulnerabilities being exploited in the wild, but at least one proof-of-concept (PoC) exploit for CVE-2022-22274 is available online. Admins are advised to ensure that the management interface of their SonicWall NGFW appliances is not exposed online and to upgrade to the latest firmware versions promptly. SonicWall appliances have also been targeted in cyber-espionage attacks and by ransomware gangs in the past.