Home Cyber Security Alert: Over 178,000 SonicWall Firewalls Doubtlessly Weak to Exploits

Alert: Over 178,000 SonicWall Firewalls Doubtlessly Weak to Exploits

0
Alert: Over 178,000 SonicWall Firewalls Doubtlessly Weak to Exploits

[ad_1]

Jan 16, 2024NewsroomVulnerability / Community Safety

SonicWall Firewalls

Over 178,000 SonicWall firewalls uncovered over the web are exploitable to at the least one of many two safety flaws that may very well be probably exploited to trigger a denial-of-service (DoS) situation and distant code execution (RCE).

“The 2 points are basically the identical however exploitable at completely different HTTP URI paths attributable to reuse of a susceptible code sample,” Jon Williams, a senior safety engineer at Bishop Fox, mentioned in a technical evaluation shared with The Hacker Information.

Cybersecurity

The vulnerabilities in query are listed under –

  • CVE-2022-22274 (CVSS rating: 9.4) – A stack-based buffer overflow vulnerability within the SonicOS by way of HTTP request permits a distant, unauthenticated attacker to trigger DoS or probably lead to code execution within the firewall.
  • CVE-2023-0656 (CVSS rating: 7.5) – A stack-based buffer overflow vulnerability within the SonicOS permits a distant, unauthenticated attacker to trigger DoS, which may lead to a crash.

Whereas there aren’t any studies of exploitation of the failings within the wild, a proof-of-concept (PoC) for CVE-2023-0656 was revealed by the SSD Safe Disclosure group April 2023.

The cybersecurity agency revealed that the problems may very well be weaponized by dangerous actors to set off repeated crashes and power the equipment to get into upkeep mode, requiring administrative motion to revive regular performance.

“Maybe most astonishing was the invention that over 146,000 publicly-accessible gadgets are susceptible to a bug that was revealed virtually two years in the past,” Williams mentioned.

Cybersecurity

The event comes as watchTowr Labs uncovered a number of stack-based buffer overflow flaws within the SonicOS administration net interface and SSL VPN portal that might result in a firewall crash.

To safeguard in opposition to attainable threats, it is really useful to replace to the final model and be sure that the administration interface is not uncovered to the web.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.



[ad_2]