SonicWall – SonicOS Unauthenticated Stack-Based Buffer Overflow Vulnerability
Date of Notice: 01/16/2024
Action Level - High
Description
MCNC would like to alert you regarding a vulnerability affecting SonicWall Firewalls. A Stack-based buffer overflow vulnerability in the SonicOS via a HTTP request, allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution on the firewall. Currently over 178,000 SonicWall devices are impacted by this vulnerability; vulnerability details can be found here CVE-2022-22274 (Risk Score: 9.4) and here CVE-2023-0656 (Risk Score: 7.5).
NB: This vulnerability currently ONLY impacts the "web management" interface, the SonicOS SSLVPN interface is not impacted.
Exploit scripts have just started to be found on github and using these scripts is relatively easy. A great example of how the buffer-overflow vulnerability works can be found here, CVE-2022-22274_CVE-2023-0656.
Fixed Versions
- For CVE-2022-22274
| Product | Impacted Platforms | Impacted Version | Fixed Version |
| SonicWall FireWalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570,TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700,NSv 270, NSv 470, NSv 870 | 7.0.1-5050 and earlier | 7.0.1-5051 and higher |
| SonicWall NSsp Firewall | NSsp 15700 | 7.0.1-R579 and earlier | Mid-April (Hotfix build 7.0.1-5030-HF-R844) |
| SonicWall NSv Firewalls | NSv 10, NSv 25, NSv 50, Nsv 100, NSv 200,NSv, 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1452 and earlier | 6.5.4.4-44v-21-1519 and higher |
- For CVE-2023-0656
| Product | Impacted Platforms | Impacted Version | Fixed Version |
| SonicWall FireWalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570,TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700,NSv 270, NSv 470, NSv 870 | 7.0.1-5095 and earlier | 7.0.1-5111 and higher |
| SonicWall NSsp Firewall | NSsp 15700 | 7.0.1-5083 and earlier | Please contact SonicWall support for the Hotfix build. |
| SonicWall NSv Firewalls | NSv 10, NSv 25, NSv 50, Nsv 100, NSv 200,NSv, 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1551 and earlier | Gen6 NSv - 6.5.4.4-44v-21-2079 and higher |
Attack Vector
An attacker with access to a vulnerable system via TCP 80/443.
Attack Feasibility
Proof of concept code for this exploit has been released, and active exploitation is likely in the very near future. Proof of concept can be found here.
Mitigation/Remediation
Immediately update your SonicWall firewall to a fixed/secure version.
Vendor Resources
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003