More than 178,000 SonicWall firewalls are vulnerable to RCE attacks
January 16, 2024
SonicWall Next-Generation Firewalls (NGFW) with an online management console are vulnerable to denial of service (DoS) and even remote code execution (RCE).
Security researchers found more than 178,000 SonicWall firewalls in active use today that are vulnerable to CVE-2022-22274, CVE-2023-0656, or both.
Jon Williams, a researcher at Bishop Fox, explains the vulnerability on their security blog. “Using BinaryEdge source data, we scanned SonicWall firewalls with management interfaces exposed to the Internet and found that 76 percent (178,637 of 233,984) were vulnerable to one or both issues.”
According to Bishop Fox, the two CVEs are fundamentally the same issue because they stem from the same vulnerable code pattern. “You can exploit this through various HTTP URI paths.”
“Our initial investigation confirmed the vendor’s claim that no exploit was available. After identifying the vulnerable code, we determined it was the same issue that was announced a year later as CVE-2023-0656,” Williams said.
“We determined that CVE-2022-22274 was caused by the same vulnerable code pattern elsewhere and the exploit worked against three additional URI paths.”
Bleeping Computer reports that attackers cannot perform RCE this way, but devices can be put into maintenance mode. In this case, administrator intervention is required to restore default functionality.
By forcing devices into maintenance mode, attackers can remotely disable firewalls and cut off VPN access.
Tens of thousands of devices in Europe vulnerable
In total, there are more than 500,000 SonicWall firewalls available online worldwide, including 328,000 in the US and 100,000 in Europe, according to Shadowserver. Below you will find the specific numbers in the Benelux and neighboring countries.
| Country | Number of firewalls |
| --- | --- |
| Belgium | 2,460 |
| The Netherlands | 5,003 |
| Luxembourg | 226 |
| France | 9,776 |
| Germany | 16,353 |
| Great Britain | 16,367 |
| Spain | 14,178 |
| Italy | 8,689 |
SonicWall is not aware of any misuse, but a proof of concept (PoC) is available for CVE-2022-22274.
Administrators are advised not to expose their management interface to the internet. Everyone should also download and install the latest firmware as soon as possible.