Sonicwall DoS security flaws RCE CVE-2022-22274 and CVE-2023-0656
Anyone using Sonicwall in the home lab or production? Take note of the following security vulnerability with management interfaces exposed to the Internet (not sure why you would do that) but:
Security experts have identified over 178,000 SonicWall next-generation firewalls (NGFW) that are exposed online and susceptible to denial-of-service (DoS) attacks, with potential for remote code execution (RCE).
These devices are compromised by two DoS vulnerabilities, designated CVE-2022-22274 and CVE-2023-0656. Notably, CVE-2022-22274 also provides an avenue for attackers to execute code remotely.
Jon Williams, a Senior Security Engineer at Bishop Fox, reported, "Our investigation, using BinaryEdge source data, revealed that 76% (178,637 out of 233,984) of SonicWall firewalls with exposed management interfaces are vulnerable to at least one of these issues."
Bishop Fox, who uncovered this extensive vulnerability, explains that both security flaws stem from the same coding oversight, but they can be exploited via different HTTP URI paths.
Williams added, "Our initial analysis aligned with the vendor's claim of no available exploit. However, upon pinpointing the compromised code, we realized it was identical to the issue later identified as CVE-2023-0656."
"It turned out that CVE-2022-22274 originated from the same coding error, just in a different location, and the exploit affects three more URI paths."
Even in cases where attackers may not achieve code execution on a targeted device, these vulnerabilities can be leveraged to trigger a maintenance mode, necessitating administrative action to reinstate normal functionality.