CyberSecurityBoard
Sponsor Register Login

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

The majority of internet-exposed SonicWall next-generation firewall series 6 and 7 devices have not been patched against two potentially serious vulnerabilities, cybersecurity firm Bishop Fox reports.
The issues, tracked as CVE-2022-22274 and CVE-2023-0656 and rated critical- and high-severity, respectively, can be exploited remotely, without authentication.
An attacker can use them to cause a denial-of-service condition, but remote code execution has not been ruled out either.
SonicWall released patches for them in March 2022 and March 2023.
Scanning the internet for vulnerable devices, the cybersecurity firm discovered that more than 178,000 of the SonicWall firewalls that have a publicly accessible web management interface are vulnerable to at least one of the security defects.
In its advisories, SonicWall notes that it is not aware of active exploitation of any of these vulnerabilities and that it has received no reports of proof-of-concept exploit code being published for them.
PoC code targeting CVE-2023-0656 has been public since April 2023, when SSD Labs published it along with technical details on the bug.
By analyzing the root cause of these vulnerabilities, Bishop Fox identified a link between them and was able to create new PoC exploits for both.
The exploit for CVE-2023-0656, the firm says, is similar to what SSD Labs published almost a year ago.
After developing the PoCs, the cybersecurity firm started looking for vulnerable devices accessible from the internet, and discovered that more than 146,000 firewalls remain unpatched against CVE-2022-22274, and that 178,000 are not patched against CVE-2023-0656.
Almost all 146,000 vulnerable SonicWall firewalls are missing patches for both vulnerabilities.
With CVE-2022-22274 also exploitable for remote code execution, these devices are potentially at risk of more than just DoS. SonicWall customers are advised to apply the available patches as soon as possible.
Vulnerabilities in SonicWall firewalls are known to have been exploited in malicious attacks.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 16 Jan 2024 14:43:11 +0000


Cyber News related to 180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

8 Common Types of Firewalls Explained & When to Use Each - The eight types of deployable firewalls include traditional network firewalls, unified threat management, next-generation firewalls, web application firewalls, database firewalls, cloud firewalls, container firewalls, and firewalls-as-a-service. ...
1 year ago Esecurityplanet.com
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks - Security researchers have found over 178,000 SonicWall next-generation firewalls with the management interface exposed online are vulnerable to denial-of-service and potential remote code execution attacks. These appliances are affected by two DoS ...
1 year ago Bleepingcomputer.com CVE-2022-22274 CVE-2023-0656
178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks - Two unauthenticated denial-of-service vulnerabilities are threatening the security of SonicWall next-generation firewall devices, exposing more than 178,000 of them to both DoS as well as remote code execution attacks. SonicWall products affected are ...
1 year ago Darkreading.com CVE-2022-22274 CVE-2023-0656
180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE - The majority of internet-exposed SonicWall next-generation firewall series 6 and 7 devices have not been patched against two potentially serious vulnerabilities, cybersecurity firm Bishop Fox reports. The issues, tracked as CVE-2022-22274 and ...
1 year ago Securityweek.com CVE-2022-22274 CVE-2023-0656
178,000 SonicWall firewalls are vulnerable to old DoS bugs The Register - More than 178,000 SonicWall firewalls are still vulnerable to years-old vulnerabilities, an infosec reseacher claims. A study by Jon Williams, senior security engineer at Bishop Fox, this week highlights what he refers to as weapons-grade patch ...
1 year ago Go.theregister.com CVE-2022-22274 CVE-2023-0656
Analyzing the SonicWall Custom Grub LUKS Encryption Modifications - During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able to recover the LUKS decryption key by leveraging ...
1 year ago Securityboulevard.com
SonicWall SMA VPN devices targeted in attacks since January - A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. Days after SonicWall tagged the security ...
1 week ago Bleepingcomputer.com CVE-2021-20035
SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild - The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox, amplifying risks for organizations with unpatched devices. Security analysts attribute the rapid weaponization ...
2 months ago Cybersecuritynews.com CVE-2024-53704 Akira
SonicWall Accelerates SASE Offerings; Acquires Proven Cloud Security Provider - PRESS RELEASE. MILPITAS, Calif. - January 3, 2024 - SonicWall, a global cybersecurity leader, today announced the acquisition of Banyan Security, a leading provider of security service edge solutions for the modern workforce. This acquisition ...
1 year ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks - A significant security concern has been raised for organizations using SonicWall next-generation firewalls. Tell me more about the SonicWall firewall vulnerability. Security experts have identified that over 178,000 SonicWall firewalls with their ...
1 year ago Securityboulevard.com CVE-2022-22274 CVE-2023-0656
SonicWall firewall bug targeted in attacks after PoC exploit release - On Thursday, cybersecurity company Arctic Wolf said they started detecting exploitation attempts targeting this vulnerability in attacks "shortly after the PoC was made public," confirming SonicWall's fears regarding the vulnerability's ...
2 months ago Bleepingcomputer.com CVE-2024-53704
SonicWall firewall bug leveraged in attacks after PoC exploit release - On Thursday, cybersecurity company Arctic Wolf said they started detecting exploitation attempts targeting this vulnerability in attacks "shortly after the PoC was made public," confirming SonicWall's fears regarding the vulnerability's ...
2 months ago Bleepingcomputer.com CVE-2024-53704
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as ...
1 year ago Bleepingcomputer.com CVE-2024-3400 CVE-2024-34000
SonicWall OS Command Injection Vulnerability Exploited in the Wild - “During further analysis, SonicWall and trusted security partners identified that ‘CVE-2023-44221 – Post Authentication OS Command Injection’ vulnerability is potentially being exploited in the wild,” SonicWall stated in ...
15 minutes ago Cybersecuritynews.com CVE-2023-44221
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access - Security experts emphasize that despite the significant reverse-engineering effort required to uncover the vulnerability, the exploit itself is trivial to execute, making immediate patching critical for all affected organizations. Attackers are ...
3 weeks ago Cybersecuritynews.com CVE-2024-53704
Research Shows 163% ROI with Palo Alto Networks Software Firewalls - Good news is here for cloud and network security professionals who need proven, cost-effective solutions that substantially reduce downtime and breaches across a range of cloud and virtualized environments. Palo Alto Networks software firewalls not ...
1 year ago Paloaltonetworks.com
Citrix warns of new Netscaler zero-days exploited in attacks - Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. The two zero-days impact the Netscaler management interface and expose unpatched ...
1 year ago Bleepingcomputer.com CVE-2023-4966
CISA pushes federal agencies to patch Citrix RCE within a week - Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged ...
1 year ago Bleepingcomputer.com CVE-2023-6548 CVE-2023-6549 CVE-2024-0519
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
1 year ago Bleepingcomputer.com CVE-2024-21591 CVE-2023-36844 CVE-2023-36845 CVE-2023-36846 CVE-2023-36847
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
1 year ago Bleepingcomputer.com CVE-2023-49070 CVE-2023-51467
SonicWall Alerts that Web Content Filtering is Not Working Properly on Windows 11 22H2 - Today, security hardware manufacturer SonicWall alerted customers of a limitation of the web content filtering feature on Windows 11, version 22H2 systems. SonicWall's Capture Client is a security solution for Windows and macOS that has Endpoint ...
2 years ago Bleepingcomputer.com
What is Firewall as a Service? - A firewall serves as a barrier to unapproved network traffic. A firewall creates a remotely delivered cybersecurity solution licensed on a subscription basis as a Service or FWaaS. Companies can streamline their IT infrastructure using Perimeter81 ...
1 year ago Cybersecuritynews.com
Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
2 years ago Bleepingcomputer.com
What Is a Host-Based Firewall? Definition & When to Use - Organizations often use host-based firewalls when specific network applications or services require open communication channels that aren't allowed under default firewall settings. To install a host-based firewall across all endpoints, choose your ...
1 year ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)