Critical Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS
SonicWall PSIRT has confirmed an unauthenticated stack-based buffer overflow in SonicOS that could lead to a firewall crash, denial of service (DoS), or remote code execution (RCE).
SonicWall PSIRT is not aware of active exploitation against this vulnerability in the wild.
Please carefully review the knowledge base (KB) article and follow its guidance for an immediate firmware upgrade.
Advisory ID: SNWLID-2022-0003
Product(s): Gen 7 TZ, NSa, NSsp and NSv firewalls; Gen 6.5 NSv firewalls
Impacted Version(s): 7.0.1-5050 and earlier; 7.0.1-R579 and earlier (Gen 7 NSsp 15700 only); 220.127.116.11-44v-21-1452 and earlier (Gen 6.5 NSv only)
Fixed Version(s): 7.0.1-5051 and later; 18.104.22.168-44v-21-1519 and later
CVSS: 9.4 (Critical)
Exploitation: None observed.
Notes: SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a proof of concept (POC) have been made public, nor has malicious use of this vulnerability been reported to SonicWall.