SonicWall has published an advisory about a critical buffer overflow vulnerability in SonicOS, a default operating system developed for SonicWall firewall products. The flaw tracked under CVE-2022-22274 has a score of 9.4 (Critical) as per the CVSSv3 scoring system. The flaw allows remote unauthenticated attackers to perform Denial of Service (DoS) and Remote Code Execution attacks on the vulnerable versions of firewalls. We recommend that users of SonicWall products read this post about How to Fix CVE-2022-22274- A Critical Buffer Overflow Vulnerability in SonicOS.
The advisory says that this is a stack-based buffer overflow vulnerability in the web-based management interface of SonicOS. Attackers could exploit this flaw just by sending a specially crafted HTTP request to the web management interface and carrying out attacks like Denial of Service (DoS) and Remote Code Execution on the vulnerable versions of SonicOS.
SonicWall also confirmed that this vulnerability impacts only the web interface of the OS. The SSLVPN interface is still safe from the flaw. Moreover, the team also stated that there is no active exploitation seen so far that the PoC is not made public. Let’s see the summary of the attack vector in the below table.
Associated CVE ID | CVE-2022-22274 |
Description | A Stack-based buffer overflow vulnerability in the SonicOS that allows a remote unauthenticated attacker to perform RCE and DoS attacks on victims. |
Associated ZDI ID | – |
CVSS Score | 9.4 Critical |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
Impact Score | – |
Exploitability Score | – |
Attack Vector (AV) | Network |
Attack Complexity (AC) | Low |
Privilege Required (PR) | None |
User Interaction (UI) | None |
Scope | Unchanged |
Confidentiality (C) | Low |
Integrity (I) | High |
availability (a) | High |
The vulnerability affects 31 different SonicWall products that run SonicOS v7.0.1-5050 and earlier. 7.0.1-R579 and earlier, and 6.5.4.4-44v-21-1452 and earlier. Please have the comprehensive information in the below table.
Impacted Version | Impacted Platforms |
7.0.1-5050 and older | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 |
7.0.1-R579 and older | NSsp 15700 |
6.5.4.4-44v-21-1452 and earlier | NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 |
Firewall Generations | Platforms Not Impacted |
SonicWall Gen5 Firewalls | SOHO, TZ100, TZ100W, TZ105, TZ105W, TZ200,TZ200W, TZ205, TZ205W, TZ210, TZ210W, TZ215,TZ215W, NSA220, NSA220W, NSA240, NSA2400, NSA2400MX, NSA250M, NSA250MW, NSA3500, NSA4500, NSA5000, NSAE5500, NSAE6500, NSAE7500, NSAE8500, NSAE8510 |
SonicWall Gen6 Firewalls | SOHOW, SOHO 250, SOHO 250W, TZ300, TZ300P, TZ300W, TZ350, TZ350W, TZ400, TZ400W, TZ500, TZ500W, TZ600, TZ600P , NSA 2600, NSA3600, NSA4600, NSA5600, NSA6600, SM9200, SM9400, SM9600, SM9800, SM10200, SM10400, SM10800, NSsp12400, NSsp12800 |
SonicWall Gen 6.5 Firewalls | NSa 2650, NSa3650, NSa4650, NSa5650,NSa6650, NSa9250, NSa9450, NSa9650 |
We recommend all SonicWall users upgrade to the SonicOS or Firmware version to patch the Buffer Overflow Vulnerability. SonicWall products that run SonicOS v7.0.1-5050 and earlier should upgrade to 7.0.1-5051 and higher, v7.0.1-R579 and earlier should upgrade to 7.0.1-5030-HF-R844 released mid-April, and 6.5.4.4-44v-21-1452 and earlier should upgrade to 6.5.4.4-44v-21-1519 and higher. Please see the below table for complete information.
Product | Impacted Platforms | Impacted Version | Fixed Version |
SonicWall FireWalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570,TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700,NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700,NSv 270, NSv 470, NSv 870 | 7.0.1-5050 and earlier | 7.0.1-5051 and higher |
SonicWall NSsp Firewall | NSsp 15700 | 7.0.1-R579 and earlier | Mid-April (Hotfix build 7.0.1-5030-HF-R844) |
SonicWall NSv Firewalls | NSv 10, NSv 25, NSv 50, Nsv 100, NSv 200,NSv, 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1452 and earlier | 6.5.4.4-44v-21-1519 and higher |
Upgradation is the best way to permanently fix the buffer overflow vulnerability. You can follow these steps to upgrade SonicWall OS.
1. Click Click Device > Settings > Firmware and Settings, select the Import/Export Configuration > export configuration option to export all the settings to a .EXP file.
2. And you can also click Create Backup > Local Backup to save a copy of the existing Settings to SonicWall’s non-volatile memory.
1. Login to MySonicWall.com
2. Click Product Management > My Products. Select the device that you want to upgrade and hover the mouse on the Firmware icon to see the firmware version.
3. Scroll down and click on the Browse All Firmware button to see all available versions.
4. Click the download button next to the firmware version that you wish to download.
1. Upon downloading the new firmware, navigate to Devices > Settings > Firmware and Settings.
2. Click Upload Firmware browse the downloaded firmware file, then click Upload.
1. You will have two options:
1. Uploaded Firmware with current configuration
2. Uploaded Firmware with Factory Default configuration
2. Choose the option as per your need, then click the power button beside that. The device will boot with the new Firmware version. That’s all.
Firmware upgradation is the best solution to fix the flaw. However, if in case you are not in a position to apply the patches any time soon. It is good to follow these mitigations until you patch the firmware.
Restrict SonicOS management access to a trusted source. It is good to isolate the interface from the internet or at least deploy it behind the VPN or firewalls.
Follow these instructions to mitigate the CVE-2022-22274 vulnerability.
We hope this post would help you know How to Fix CVE-2022-22274- A Critical Buffer Overflow Vulnerability in SonicOS. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
You may also like these articles:
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”
"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.
BurpGPT is a cutting-edge Burp Suite extension that harnesses the power of OpenAI's language models to revolutionize web application security testing. With customizable prompts and advanced AI capabilities, BurpGPT enables security professionals to uncover bespoke vulnerabilities, streamline assessments, and stay ahead of evolving threats.
PentestGPT, developed by Gelei Deng and team, revolutionizes penetration testing by harnessing AI power. Leveraging OpenAI's GPT-4, it automates and streamlines the process, making it efficient and accessible. With advanced features and interactive guidance, PentestGPT empowers testers to identify vulnerabilities effectively, representing a significant leap in cybersecurity.
Tenable BurpGPT is a powerful Burp Suite extension that leverages OpenAI's advanced language models to analyze HTTP traffic and identify potential security risks. By automating vulnerability detection and providing AI-generated insights, BurpGPT dramatically reduces manual testing efforts for security researchers, developers, and pentesters.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.