Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Critical Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS

AjishlalAjishlal Community Legend ✭✭✭✭✭

SonicWall PSIRT has confirmed that an unauthenticated Stack-based Buffer Overflow in SonicOS potentially leads to firewall crash, denial of service (DoS) or remote code execution (RCE).

SonicWall PSIRT is not aware of active exploitation against this vulnerability in the wild.

Please carefully review the knowledge base (KB) article and follow guidance for immediate firmware upgrade.

OVERVIEW

Advisory ID: SNWLID-2022-0003

Product(s): Gen 7 TZ, NSa, NSsp and NSv firewalls; Gen 6.5 NSv firewalls

Impacted Version(s): 7.0.1-5050 and earlier; 7.0.1-R579 and earlier (Gen 7 NSsp 15700 only); 6.5.4.4-44v-21-1452 and earlier (Gen 6.5 NSv only)

Fixed Version(s): 7.0.1-5051 and later; 6.5.4.4-44v-21-1519 and later

CVSS: 9.4 (Critical)

Exploitation: None observed.

Notes: SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a proof of concept (POC) have been made public, nor has malicious use of this vulnerability been reported to SonicWall.

Category: Technology and Support
Reply

Comments

  • ArkwrightArkwright Cybersecurity Overlord ✭✭✭
    edited March 25

    Can anyone clarify if the SSLVPN web interface is affected here? This makes a massive difference to how serious this is for our "fleet" - we tie down remote management to specific IPs, but SSLVPN login is available from everywhere [well, select countries, anyway].

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Arkwright it's just a guess, but because authentication is involved I wouldn't take any risk considering it's used for management and SSLVPN as well. PSIRT note only mentioned management though.

    Maybe SNWL is eager to chime in to clarify.

    --Michael@BWC

  • MicahMicah admin
    edited March 29

    Hello @Arkwright, I hope you are well.

    Our product management and engineering teams have confirmed that this vulnerability ONLY impacts the SonicOS web management interface. The SonicOS SSLVPN interface is not impacted. I have updated the security advisory to point this out.

    Kind regards,

    @micah - SonicWall's Self-Service Sr. Manager

Sign In or Register to comment.