Critical Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS
SonicWall PSIRT has confirmed that an unauthenticated stack-based buffer overflow in SonicOS can potentially lead to a firewall crash, denial of service (DoS) or remote code execution (RCE).
SonicWall PSIRT is not aware of active exploitation against this vulnerability in the wild.
Please carefully review the knowledge base (KB) article and follow its guidance for an immediate firmware upgrade.
OVERVIEW
Advisory ID: SNWLID-2022-0003
Product(s): Gen 7 TZ, NSa, NSsp and NSv firewalls; Gen 6.5 NSv firewalls
Impacted Version(s): 7.0.1-5050 and earlier; 7.0.1-R579 and earlier (Gen 7 NSsp 15700 only); 6.5.4.4-44v-21-1452 and earlier (Gen 6.5 NSv only)
Fixed Version(s): 7.0.1-5051 and later; 6.5.4.4-44v-21-1519 and later
CVSS: 9.4 (Critical)
Exploitation: None observed.
Notes: SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a proof of concept (POC) have been made public, nor has malicious use of this vulnerability been reported to SonicWall.
Comments
Can anyone clarify if the SSLVPN web interface is affected here? This makes a massive difference to how serious this is for our "fleet" - we tie down remote management to specific IPs, but SSLVPN login is available from everywhere [well, select countries, anyway].
@Arkwright it's just a guess, but because authentication is involved I wouldn't take any risk considering it's used for management and SSLVPN as well. PSIRT note only mentioned management though.
Maybe SNWL is eager to chime in to clarify.
--Michael@BWC
Hello @Arkwright, I hope you are well.
Our product management and engineering teams have confirmed that this vulnerability ONLY impacts the SonicOS web management interface. The SonicOS SSLVPN interface is not impacted. I have updated the security advisory to point this out.
Kind regards,
@micah - SonicWall's Self-Service Sr. Manager