180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

The majority of internet-exposed SonicWall next-generation firewall series 6 and 7 devices have not been patched against two potentially serious vulnerabilities, cybersecurity firm Bishop Fox reports.
The issues, tracked as CVE-2022-22274 and CVE-2023-0656 and rated critical- and high-severity, respectively, can be exploited remotely, without authentication.
An attacker can use them to cause a denial-of-service condition, but remote code execution has not been ruled out either.
SonicWall released patches for them in March 2022 and March 2023.
Scanning the internet for vulnerable devices, the cybersecurity firm discovered that more than 178,000 of the SonicWall firewalls that have a publicly accessible web management interface are vulnerable to at least one of the security defects.
In its advisories, SonicWall notes that it is not aware of active exploitation of any of these vulnerabilities and that it has received no reports of proof-of-concept exploit code being published for them.
PoC code targeting CVE-2023-0656 has been public since April 2023, when SSD Labs published it along with technical details on the bug.
By analyzing the root cause of these vulnerabilities, Bishop Fox identified a link between them and was able to create new PoC exploits for both.
The exploit for CVE-2023-0656, the firm says, is similar to what SSD Labs published almost a year ago.
After developing the PoCs, the cybersecurity firm started looking for vulnerable devices accessible from the internet, and discovered that more than 146,000 firewalls remain unpatched against CVE-2022-22274, and that 178,000 are not patched against CVE-2023-0656.
Almost all 146,000 vulnerable SonicWall firewalls are missing patches for both vulnerabilities.
With CVE-2022-22274 also exploitable for remote code execution, these devices are potentially at risk of more than just DoS. SonicWall customers are advised to apply the available patches as soon as possible.
Vulnerabilities in SonicWall firewalls are known to have been exploited in malicious attacks.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 16 Jan 2024 14:43:11 +0000


Cyber News related to 180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

8 Common Types of Firewalls Explained & When to Use Each - The eight types of deployable firewalls include traditional network firewalls, unified threat management, next-generation firewalls, web application firewalls, database firewalls, cloud firewalls, container firewalls, and firewalls-as-a-service. ...
11 months ago Esecurityplanet.com
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks - Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks. These appliances are affected by two DoS ...
11 months ago Bleepingcomputer.com
178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks - Two unauthenticated denial-of-service vulnerabilities are threatening the security of SonicWall next-generation firewall devices, exposing more than 178,000 of them to both DoS as well as remote code execution attacks. SonicWall products affected are ...
11 months ago Darkreading.com
180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE - The majority of internet-exposed SonicWall next-generation firewall series 6 and 7 devices have not been patched against two potentially serious vulnerabilities, cybersecurity firm Bishop Fox reports. The issues, tracked as CVE-2022-22274 and ...
11 months ago Securityweek.com
178,000 SonicWall firewalls are vulnerable to old DoS bugs The Register - More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims. A study by Jon Williams, senior security engineer at Bishop Fox, this week highlights what he refers to as weapons-grade patch ...
11 months ago Go.theregister.com
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications - During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able to recover the LUKS decryption key by leveraging ...
1 year ago Securityboulevard.com
SonicWall Accelerates SASE Offerings; Acquires Proven Cloud Security Provider - PRESS RELEASE. MILPITAS, Calif. - January 3, 2024 - SonicWall, a global cybersecurity leader, today announced the acquisition of Banyan Security, a leading provider of security service edge solutions for the modern workforce. This acquisition ...
11 months ago Darkreading.com
Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks - A significant security concern has been raised for organizations using SonicWall next-generation firewalls. Tell me more about the SonicWall firewall vulnerability. Security experts have identified that over 178,000 SonicWall firewalls with their ...
11 months ago Securityboulevard.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Research Shows 163% ROI with Palo Alto Networks Software Firewalls - Good news is here for cloud and network security professionals who need proven, cost-effective solutions that substantially reduce downtime and breaches across a range of cloud and virtualized environments. Palo Alto Networks software firewalls not ...
1 year ago Paloaltonetworks.com
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as ...
8 months ago Bleepingcomputer.com
Citrix warns of new Netscaler zero-days exploited in attacks - Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. The two zero-days impact the Netscaler management interface and expose unpatched ...
11 months ago Bleepingcomputer.com
CISA pushes federal agencies to patch Citrix RCE within a week - Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged ...
11 months ago Bleepingcomputer.com
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
11 months ago Bleepingcomputer.com
SonicWall Alerts that Web Content Filtering is Not Working Properly on Windows 11 22H2 - Today, security hardware manufacturer SonicWall alerted customers of a limitation of the web content filtering feature on Windows 11, version 22H2 systems. SonicWall's Capture Client is a security solution for Windows and macOS that has Endpoint ...
1 year ago Bleepingcomputer.com
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
11 months ago Bleepingcomputer.com
What is Firewall as a Service? - A firewall serves as a barrier to unapproved network traffic. A firewall creates a remotely delivered cybersecurity solution licensed on a subscription basis as a Service or FWaaS. Companies can streamline their IT infrastructure using Perimeter81 ...
10 months ago Cybersecuritynews.com
What Is a Host-Based Firewall? Definition & When to Use - Organizations often use host-based firewalls when specific network applications or services require open communication channels that aren't allowed under default firewall settings. To install a host-based firewall across all endpoints, choose your ...
10 months ago Esecurityplanet.com
Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
1 year ago Bleepingcomputer.com
9 Best Next-Generation Firewall Solutions for 2023 - Next-generation firewalls are network security solutions that go beyond the traditional port/protocol inspection by incorporating application-level inspection, intrusion prevention, and external threat intelligence. As the third generation in ...
1 year ago Esecurityplanet.com
What Is a Next-Generation Firewall? - A next generation firewall performs deep packet inspection to check the contents of the data flowing through the firewall. Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the ...
10 months ago Esecurityplanet.com
Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OfBiz, an open source ERP system with what researchers described as a surprisingly wide ...
11 months ago Go.theregister.com
Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OFBiz, an open source ERP system with what researchers described as a surprisingly wide ...
11 months ago Packetstormsecurity.com
Warfare and Geopolitics are Fuelling Denial-of-Service Attacks - The analysis is based on 310 verified Denial-of-Service incidents during the reporting period of January 2022 to August 2023. A large-scale study is also included of publicly reported incidents. The study focuses on the motivations of attackers, ...
1 year ago Enisa.europa.eu
SonicWall acquires Banyan Security - SonicWall acquired Banyan Security, a security service edge solution provider. This acquisition strengthens SonicWall's portfolio by adding zero trust security trusted by leading Fortune 100 companies to small businesses that are replacing legacy ...
11 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)