SonicWall firewall admins urged to update to prevent devices from being compromised

Network administrators with two models of SonicWall firewalls in their environments are being urged take action to prevent the devices from possibly being compromised.

The warning comes from researchers at Bishop Fox, an Arizona-based cybersecurity company, which says over 178,000 series 6 and series 7 next-generation firewalls could be in danger.

The problem is in unauthenticated denial-of-service vulnerabilities announced last year and in 2022, patches for which have already been issued. No exploitation has been seen in the wild since.

However, the researchers say a proof-of-concept exploit for the 2023 vulnerability has publicly been released.

“Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” the researchers said Monday.

SonicWall firewalls at risk are ones with management interfaces exposed to the internet, the report says.

“The impact of a widespread attack could be severe,” say the researchers. “In its default configuration, SonicOS restarts after a crash, but after three crashes in a short period of time it boots into maintenance mode and requires administrative action to restore normal functionality. The latest available firmware protects against both vulnerabilities, so be sure to upgrade immediately (and make sure the management interface isn’t exposed to the internet).

The two vulnerabilities are CVE-2022-22274, an unauthenticated buffer overflow affecting the firewalls’ web management interfaces, and CVE-2023-0656, a stack-based buffer overflow vulnerability in the SonicOS that could allow a remote unauthenticated attacker to cause Denial of Service (DoS), which could then cause an impacted firewall to crash.

Looking into the bugs, the Bishop Fox researchers found that CVE-2022-22274 was caused by the same vulnerable code pattern as  CVE-2023-0656 — but in a different place —  and exploitable at different HTTP URI paths. That makes exploitation easy.

Admins are urged to see if they have an exploitable device. If so, the web management interface should be detached from the internet, after which the firmware should be upgraded to the latest version.

“At this point in time, an attacker can easily cause a denial of service using this exploit,” note the researchers, “but as SonicWall noted in its advisories, a potential for remote code execution exists. While it may be possible to devise an exploit that can execute arbitrary commands, additional research is needed to overcome several challenges …

“Perhaps a bigger challenge for an attacker is determining in advance what firmware and hardware versions a particular target is using, as the exploit must be tailored to these parameters. Since no technique is currently known for remotely fingerprinting SonicWall firewalls, the likelihood of attackers leveraging RCE is, in our estimation, still low. Regardless, taking the appropriate precautions to secure your devices will ensure they don’t fall victim to a potentially painful DoS attack.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now