June 3, 2023

SonicWall has released patches for a critical-severity vulnerability in the web management interface of numerous firewall appliances. Tracked as CVE-2022-22274 (CVSS score of 9.4), the security defect is described as a stack-based buffer overflow bug that impacts SonicOS.

Because of this issue, a remote, unauthenticated attacker can send crafted HTTP requests to cause a denial-of-service (DoS) condition or execute code in the firewall.

The vulnerability affects over 30 SonicWall appliances running software versions 7.0.1-5050 and older, 7.0.1-R579 and older, and 6.5.4.4-44v-21-1452 and earlier.

SonicWall has resolved the vulnerability with the release of software versions 7.0.1-5051 and 6.5.4.4-44v-21-1519. The company also announced that a hotfix for the NSsp 15700 firewall will arrive in mid-April.


For customers who cannot apply the available patches immediately, a mitigating action involves limiting SonicOS management access to trusted IP addresses. For that, the SonicOS management access rules (SSH/HTTPS/HTTP Management) need to be modified.

“For NSsp 15700, continue with the short-term mitigation to avoid exploitation or reach out to the SonicWall support team who can provide you with a hotfix firmware (7.0.1-5030-HF-R844). SonicWall anticipates an official firmware version with needed patches for NSsp15700 to be available in mid-April 2022,” the company notes.

SonicWall says that it is not aware of this vulnerability being actively exploited in the wild, and proof-of-concept (PoC) code targeting the bug does not appear to be publicly available.
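To triage a firewall inventory against the affected versions listed above, a check along these lines can be used. This is an added example, not SonicWall's or the article's own code; the version-string formats it parses and the sample inventory are assumptions, and any string it does not recognise is reported as unknown rather than guessed.

```python
import re

# Highest affected build per release train, as listed in the article.
# The regex for each train's version string is an assumption.
AFFECTED_TRAINS = [
    (re.compile(r"^7\.0\.1-(\d+)$"), 5050),
    (re.compile(r"^7\.0\.1-R(\d+)$"), 579),
    (re.compile(r"^6\.5\.4\.4-44v-21-(\d+)$"), 1452),
]
# Hotfix firmware named in the vendor quote for NSsp 15700.
HOTFIX_BUILDS = {"7.0.1-5030-HF-R844"}


def classify(version):
    """Return 'affected', 'not_affected' or 'unknown' for a firmware string.

    'not_affected' means the build is newer than the highest build the
    article lists as affected for that train, or is the named hotfix.
    """
    v = version.strip()
    if v in HOTFIX_BUILDS:
        return "not_affected"
    for pattern, max_affected in AFFECTED_TRAINS:
        match = pattern.match(v)
        if match:
            build = int(match.group(1))
            return "affected" if build <= max_affected else "not_affected"
    return "unknown"  # unrecognised format: needs manual review


def triage(inventory):
    """Group hostnames by classification so affected units can be prioritised."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


# Constructed inventory for illustration (hostnames are hypothetical).
SAMPLE_INVENTORY = {
    "fw-branch-01": "7.0.1-5050",
    "fw-branch-02": "7.0.1-5051",
    "fw-dc-01": "7.0.1-R579",
    "fw-virtual-01": "6.5.4.4-44v-21-1452",
    "fw-virtual-02": "6.5.4.4-44v-21-1519",
    "fw-core-01": "7.0.1-5030-HF-R844",
    "fw-lab-01": "firmware string missing",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Units that land in the affected or unknown groups are the ones whose management access should be limited to trusted IP addresses until they are patched or verified.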
