SonicWall has released security updates that address a critical vulnerability that affects Firewall solutions. An unauthenticated, remote threat actor could exploit this vulnerability to execute arbitrary code and trigger a denial of service (DoS) condition on the vulnerable system.
The vulnerability tracked code CVE-2022-22274 exists due to a stack-based buffer overflow error in SonicOS’s web management interface that could cause remote code execution or a denial of service via a specially crafted HTTP request.
The critical vulnerability affects 31 different SonicWall Firewall solutions running the versions listed in the table below.
SonicWall stated that no evidence has yet been found for active exploitation of the vulnerability. To not be the target of attacks that can be carried out using the vulnerability, it is recommended that users who use vulnerable versions immediately apply updates that fix the vulnerability. Additionally, until updates are implemented, SonicWall advises customers to limit SonicOS management access to trusted source IP addresses.