SonicWall released a fix for a critical vulnerability in its SonicOS that allows denial of service (DoS) attacks and could also result in remote code execution (RC...
The SonicOS security operating system has received a security update that fixes a critical stack-based buffer overflow vulnerability, which could be exploited remotely without any prior authentication. The flaw allows denial of service (DoS) attacks and can also be used to initiate remote code execution (RCE).
The vulnerability is tracked as CVE-2022-22274, carries a CVSS severity score of 9.4, and affects multiple SonicWall firewalls, including TZ Series entry-level desktop form factor next-generation firewalls (NGFW) for small- and medium-sized businesses (SMBs), Network Security Virtual (NSv series) firewalls designed to secure the cloud, and Network Security services platform (NSsp) high-end firewalls.
According to the SonicWall Product Security Incident Response Team (PSIRT), remote attackers can exploit this vulnerability through HTTP requests in low-complexity attacks that require no user interaction "to cause Denial of Service (DoS) or potentially result in code execution in the firewall." There are no reports of public proof-of-concept (PoC) exploits, nor any available evidence of exploitation in attacks.
Product | Impacted Platforms | Impacted Version | Fixed Version |
---|---|---|---|
SonicWall Firewalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 | 7.0.1-5050 and earlier | 7.0.1-5051 and higher |
SonicWall NSsp Firewall | NSsp 15700 | 7.0.1-R579 and earlier | Mid-April (Hotfix build 7.0.1-5030-HF-R844) |
SonicWall NSv Firewalls | NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1452 and earlier | 6.5.4.4-44v-21-1519 and higher |
SonicWall has released security patches for all the affected SonicOS versions and firewalls and urges its customers to update their products immediately.
"SonicWall strongly urges organizations using impacted SonicWall firewalls listed below to follow the provided guidance," the company said in its security advisory.
The only firewall still awaiting a patch for CVE-2022-22274 is the NSsp 15700 enterprise-class high-speed firewall, although a hotfix is already available to block potential attacks targeting it.
"For NSsp 15700, continue with the temporary mitigation to avoid exploitation or reach out to the SonicWall support team who can provide you with a hotfix firmware (7.0.1-5030-HF-R844)," the company elaborated. "SonicWall expects an official firmware version with necessary patches for NSsp15700 to be available in mid-April 2022."
A temporary workaround that removes the exploitation vector is available for systems that cannot be patched immediately: admins need to allow access to the SonicOS management interface only from trusted sources.
"Until the [..] patches can be applied, SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) by modifying the existing SonicOS Management access rules (SSH/HTTPS/HTTP Management)," SonicWall said.
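To triage a firewall inventory against the impacted-version table above, the following Python is an added example (not SonicWall tooling and not part of the original article). It assumes firmware strings have exactly the shapes shown in the table and order by base version, then trailing build number; the NSsp 15700 hotfix build is classed as fixed, and the hostnames and inventory are constructed.

```python
import re

def _models(prefix, suffixes):
    # Normalised model keys: no spaces, upper case ("NSv 270" -> "NSV270").
    return {(prefix + s).upper() for s in suffixes.split()}

GEN7 = (_models("TZ", "270 270W 370 370W 470 470W 570 570W 570P 670")
        | _models("NSa", "2700 3700 4700 5700 6700")
        | _models("NSsp", "10700 11700 13700")
        | _models("NSv", "270 470 870"))
NSV_GEN6 = _models("NSv", "10 25 50 100 200 300 400 800 1600")

# (models, firmware pattern, last impacted (base version, build)) per table row.
# Assumption: firmware strings have the shapes shown in the table and order by
# dotted base version first, then by trailing build (or R) number.
BASE = r"^(\d+(?:\.\d+)+)"
RULES = [
    (GEN7, BASE + r"-(\d+)$", ((7, 0, 1), 5050)),
    ({"NSSP15700"}, BASE + r"-(?:\d+-HF-)?R(\d+)$", ((7, 0, 1), 579)),
    (NSV_GEN6, BASE + r"-44v-21-(\d+)$", ((6, 5, 4, 4), 1452)),
]

def triage(model, firmware):
    """Return 'impacted', 'fixed', 'unknown-format' or 'not-listed'."""
    key = re.sub(r"\s+", "", model).upper()
    for models, pattern, last_impacted in RULES:
        if key not in models:
            continue
        m = re.match(pattern, firmware.strip())
        if m is None:
            return "unknown-format"  # never guess: flag for manual review
        base = tuple(int(p) for p in m.group(1).split("."))
        return "impacted" if (base, int(m.group(2))) <= last_impacted else "fixed"
    return "not-listed"

# Constructed sample inventory (hostnames and pairings are made up).
INVENTORY = [
    ("fw-branch-01", "TZ 470", "7.0.1-5050"),
    ("fw-branch-02", "TZ670", "7.0.1-5051"),
    ("fw-core-01", "NSsp 15700", "7.0.1-R579"),
    ("fw-core-02", "NSsp 15700", "7.0.1-5030-HF-R844"),
    ("fw-cloud-01", "NSv 200", "6.5.4.4-44v-21-1452"),
    ("fw-lab-01", "NSa 2700", "7.0.1-beta"),
]

def needs_action(inventory):
    """Hosts that are impacted or could not be classified."""
    return [h for h, m, f in inventory if triage(m, f) in ("impacted", "unknown-format")]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        print(f"{host:14} {model:11} {fw:22} {triage(model, fw)}")
```

Devices returned by `needs_action` are the ones to patch first or to place behind the management-access restriction described in the workaround.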