SonicWall has released patches for a critical-severity vulnerability in the web management interface of numerous firewall appliances. Tracked as CVE-2022-22274 (CVSS score of 9.4), the security defect is described as a stack-based buffer overflow bug that impacts SonicOS.
Because of this issue, a remote, unauthenticated attacker can send crafted HTTP requests to cause a denial-of-service (DoS) condition or execute code on the firewall.
The vulnerability affects over 30 SonicWall appliances running software versions 7.0.1-5050 and older, 7.0.1-R579 and older, and 6.5.4.4-44v-21-1452 and earlier.
SonicWall has addressed the vulnerability with the release of software versions 7.0.1-5051 and 6.5.4.4-44v-21-1519. The company also announced that a hotfix for the NSsp 15700 firewall will arrive in mid-April.
For customers who cannot apply the available patches immediately, a mitigating action involves restricting SonicOS management access to trusted IP addresses. To do that, the SonicOS management access rules (SSH/HTTPS/HTTP Management) need to be modified.
“For NSsp 15700, continue with the short-term mitigation to avoid exploitation or reach out to the SonicWall support team who can provide you with a hotfix firmware (7.0.1-5030-HF-R844). SonicWall expects an official firmware version with the necessary patches for NSsp15700 to be available in mid-April 2022,” the company notes.
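As an added example (not from the article or from SonicWall), here is a small inventory check that applies the version thresholds quoted above to a fleet's reported SonicOS versions. The version-string structure is an assumption inferred from the strings quoted in the article, not from vendor documentation, and builds that fall between the stated affected and fixed thresholds are reported as unknown rather than guessed.

```python
import re

# Build ceilings the article gives for affected versions (inclusive).
AFFECTED_MAX = {
    ("7.0.1", "build"): 5050,           # "7.0.1-5050 and older"
    ("7.0.1", "R"): 579,                # "7.0.1-R579 and older"
    ("6.5.4.4-44v-21", "build"): 1452,  # "6.5.4.4-44v-21-1452 and earlier"
}
# First build per series that the article names as carrying the fix.
FIXED_MIN = {("7.0.1", "build"): 5051, ("6.5.4.4-44v-21", "build"): 1519}
# The NSsp 15700 hotfix is named explicitly and does not follow the series rule.
FIXED_EXACT = {"7.0.1-5030-HF-R844"}

def parse_version(version):
    """Split e.g. '7.0.1-R579' into ('7.0.1', 'R', 579).
    Assumption (inferred from the strings quoted in the article, not from
    vendor documentation): the last dash-separated field is the build, and
    an 'R'-prefixed build is a separate series from a plain numeric one."""
    branch, _, build = version.rpartition("-")
    m = re.fullmatch(r"(R?)(\d+)", build)
    if not branch or not m:
        raise ValueError(f"unrecognised SonicOS version string: {version!r}")
    return branch, ("R" if m.group(1) else "build"), int(m.group(2))

def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for CVE-2022-22274."""
    if version in FIXED_EXACT:
        return "fixed"
    branch, kind, number = parse_version(version)
    series = (branch, kind)
    if series not in AFFECTED_MAX:
        return "unknown"   # series the advisory text does not cover
    if number <= AFFECTED_MAX[series]:
        return "affected"
    if series in FIXED_MIN and number >= FIXED_MIN[series]:
        return "fixed"
    return "unknown"       # builds between the two thresholds: not stated

def audit(inventory):
    """Map device name -> status for a {name: version} inventory."""
    return {name: classify(ver) for name, ver in inventory.items()}

# Constructed sample inventory; device names and versions are made up.
SAMPLE = {"edge-fw-1": "7.0.1-5050", "edge-fw-2": "7.0.1-5051",
          "branch-fw": "6.5.4.4-44v-21-1452", "nssp-core": "7.0.1-5030-HF-R844"}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```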
SonicWall says that it is not aware of this vulnerability being actively exploited in the wild, and proof-of-concept (PoC) code targeting the bug does not appear to be publicly available.