SonicOS: Vulnerability Can Crash Firewall

SonicWall reports a highly dangerous vulnerability in its firewall operating system SonicOS: a stack-based buffer overflow allows remote attackers to crash the affected firewall through a Denial of Service (DoS) attack.

SonicWall has to report a dangerous vulnerability in SonicOS with a rating of 7.5 (High). CVE-2023-0656 describes the dangerous issue: "The stack-based buffer overflow vulnerability in SonicOS allows a remote, unauthenticated attacker to trigger Denial of Service (DoS), which could lead to an affected firewall crashing." However, SonicWall states that the vulnerability has not yet been actively exploited. But as we all know, it's only a matter of time.

Web management interface affected

SonicWall further states that the vulnerability only affects the web management interface. Access via the SonicOS SSLVPN interface is not affected. However, it is recommended that the vulnerability be patched or access restricted immediately: "Until the following patches can be applied, SonicWall PSIRT strongly recommends administrators to restrict SonicOS management access to trusted sources (and/or disable management access from untrusted Internet sources) by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP management). This allows management access only from trusted source IP addresses."

Some patches are not yet available

SonicWall recommends the temporary access restriction for Gen6 NSv to avoid exploitation. An official firmware release with the necessary patches for Gen6 NSv is expected to be available by mid-March 2023.

Patch 7.0.1-5111 is intended to be used on these affected devices: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870.

For NSsp 15700 you should contact support and for NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 you should use access restrictions.
