"Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks"
Security researchers at Bishop Fox have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. The researchers noted that these appliances are affected by two DoS security flaws tracked as CVE-2022-22274 and CVE-2023-0656, the former also allows attackers to gain remote code execution. The researchers used BinaryEdge source code to scan SonicWall firewalls with management interfaces exposed to the internet and found that 76% (178,637 of 233,984) are vulnerable to one or both issues. The researchers noted that although the two vulnerabilities are essentially the same as they're caused by reusing the same vulnerable code pattern, they're exploitable at different HTTP URI paths. ​While the SonicWall Product Security Incident Response Team (PSIRT) says it does not know that these vulnerabilities have been exploited in the wild, at least one proof-of-concept (PoC) exploit is available online for CVE-2022-22274. The researchers advise admins to ensure their SonicWall NGFW appliances' management interface is not exposed online and upgrade to the latest firmware versions as soon as possible.
BleepingComputer reports: "Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks"