DOS Vulnerability discovered in SonicWall Next-Generation Firewall
DOS Vulnerability discovered in SonicWall Next-Generation Firewall
THREAT LEVEL: Amber
For a detailed advisory, download the pdf file here
SonicWall, a manufacturer of security hardware discovered a flaw in their SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE).
The identified vulnerability (CVE-2022-22274) affects TZ Series desktop form factor next-generation firewalls (NGFW) for small and medium-sized organizations (SMBs), Network Security Virtual (NSv) cloud-security firewalls, and Network Security Services Platform (NSsp) high-end firewalls. A remote unauthenticated attacker can cause a Denial of Service (DoS) or perhaps code execution in the firewall by exploiting an unauthenticated stack-based buffer overflow in SonicOS via an HTTP request.
We strongly advise administrators to limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) until organizations can update their operating systems to patch the vulnerability. This can be done by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP).
Potential MITRE ATT&CK TTPs are:
TA0001: Initial Access
TA0003: Persistence
TA0004: Privilege Escalation
TA0005: Defense Evasion
TA0040: Impact
TA0042: Resource Development
T1499: Endpoint Denial of Service
T1499.001: Endpoint Denial of Service: OS Exhaustion Flood
T1574: Hijack Execution Flow
T1588: Obtain Capabilities
T1588.006: Obtain Capabilities: Vulnerabilities
T1190: Exploit Public-Facing Application
Vulnerability Details
Affected Products
References
