Sonicwall firewalls with critical vulnerabilities 

B2B Cyber Security ShortNews


Sonicwall uses a vulnerability list on its Security Advisory information page to point out security gaps in various firewalls. Attackers could inject code with manipulated packets or even paralyze the firewall.

Vulnerabilities exist in some Sonicwall firewalls that allow remote attackers to inject malicious code. As a result, devices can also be paralyzed by a DoS attack. The manufacturer Sonicwall already provides information on the security gap and patches.

List of Sonicwall firewalls where the vulnerability needs to be patched (Image: Sonicwall).

Many firewalls affected by vulnerability

Administrators should close the gaps quickly, as the problem with CVE-2022-22274 is classified as a critical risk with a score of 9.4. According to the Sonicwall description, the following could happen: “A stack-based buffer overflow vulnerability in SonicOS via HTTP request could allow a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially lead to code execution in the firewall. SonicWall PSIRT has not yet observed active use in the wild. No reports of a PoC have been released and no malicious use of this vulnerability has been reported to SonicWall.”

Sonicwall lists all affected devices on its website and also provides instructions there on how to remediate the vulnerabilities.

More at SonicWall.com

 


About SonicWall

SonicWall provides limitless cybersecurity for an extremely decentralized work environment where everyone is remote, mobile and potentially at risk. Thanks to SonicWall, companies that have to find their way in a changing world of work benefit from seamless protection against highly developed threats that attack their network via countless points of attack and increasingly mobile and cloud-based employees. With the identification of unknown threats, advanced real-time monitoring functions and outstanding cost-effectiveness, SonicWall is helping companies, government agencies and SMBs around the world to close the cybersecurity gap.


 
