
Over 178,000 SonicWall firewalls vulnerable to DoS and RCE attacks


Researchers at Bishop Fox, in the course of their security research, discovered a potential risk affecting more than 178,000 SonicWall firewalls scattered throughout the world.

Specifically, the management interface of these devices was vulnerable to DoS (Denial of Service) attacks and potentially also to RCE (Remote Code Execution). The vulnerabilities in question are tracked as CVE-2022-22274 and CVE-2023-0656.

Jon Williams, Senior Security Engineer at Bishop Fox, explained how the researchers analyzed the firewalls by scanning management interfaces exposed to the Internet, and found that about 76% of them are potentially vulnerable to the aforementioned attacks.

According to Williams: “Our initial research confirmed the manufacturer’s claim that no exploit was available; however, once we identified the vulnerable code, we discovered that it was the same issue announced a year later as CVE-2023-0656”.

SonicWall firewalls also at risk in Europe

He said the same about the other vulnerability: “We found that CVE-2022-22274 was caused by the same vulnerable code pattern in a different place, and the exploit worked against three additional URI paths”.

The situation is somewhat disturbing, given the number and distribution of SonicWall firewalls potentially subject to attack. Most of them are located in the United States, but these devices are present all over the world; in Europe alone there are apparently around 9,000.

Although the SonicWall Product Security Incident Response Team (PSIRT) states that it is not aware of these vulnerabilities being actively exploited by attackers, at least one proof-of-concept (PoC) exploit is available online for CVE-2022-22274.

For Williams, the situation is not to be taken lightly: “SSD Labs has published a technical report of the bug with a proof of concept, noting two URI paths where the bug could be triggered”.

Source: bleepingcomputer.com
