SonicWall has released patches for a critical-severity vulnerability in the
web management interface of numerous firewall appliances. Tracked as CVE-2022-22274 (CVSS score of 9.4), the security defect is described as a stack-based buffer overflow bug that impacts SonicOS.
Because of this flaw, a remote, unauthenticated attacker can send crafted HTTP requests to cause a denial-of-service (DoS) condition or execute code on the firewall.
The vulnerability affects over 30 SonicWall appliances running software versions 7.0.1-5050 and older, 7.0.1-R579 and older, and 22.214.171.124-44v-21-1452 and earlier.
SonicWall has resolved the vulnerability with the release of software versions 7.0.1-5051 and 126.96.36.199-44v-21-1519. The company also announced that a hotfix for the NSsp 15700 firewall will arrive in mid-April.
For customers who cannot apply the available patches immediately, a mitigating action is to restrict SonicOS management access to trusted IP addresses. To do this, the SonicOS management access rules (SSH/HTTPS/HTTP Management) need to be modified.
“For NSsp 15700, continue with the short-term mitigation to avoid exploitation or reach out to the SonicWall support team who can provide you with a hotfix firmware (7.0.1-5030-HF-R844). SonicWall anticipates an official firmware version with the required patches for NSsp15700 to be available in mid-April 2022,” the company notes.
SonicWall says that it is not aware of this vulnerability being actively exploited in the wild, and proof-of-concept (PoC) code targeting the bug does not appear to be publicly available.