Security researchers have found that over 178,000 SonicWall next-generation firewalls with their management interface exposed online are vulnerable to denial-of-service and potentially remote code execution attacks.
These appliances are affected by two DoS security flaws tracked as CVE-2022-22274 and CVE-2023-0656, the former also allowing attackers to gain remote code execution.
Although the two vulnerabilities are essentially the same bug, as both stem from reuse of the same vulnerable code pattern, they are triggered at different HTTP URI paths, according to Bishop Fox, which discovered this massive attack surface.
Even where attackers cannot achieve code execution on a targeted appliance, exploiting either flaw crashes it into maintenance mode, which requires an administrator to intervene before it returns to normal operation.
So even if remote code execution is never confirmed, attackers can still use these bugs to knock edge firewalls offline, taking down the VPN access they provide to corporate networks along with them.
More than 500,000 SonicWall firewalls are currently exposed online, with over 328,000 in the United States, according to data from threat monitoring platform Shadowserver.
While the SonicWall Product Security Incident Response Team says it has no knowledge that these vulnerabilities have been exploited in the wild, at least one proof-of-concept exploit is available online for CVE-2022-22274.
Admins are advised to ensure that the management interface of their SonicWall NGFW appliances is not reachable from the internet and to upgrade to the latest firmware versions as soon as possible.
SonicWall's appliances have previously been targeted in cyber-espionage attacks and by multiple ransomware gangs, including HelloKitty and FiveHands.
Last March, SonicWall PSIRT and Mandiant revealed that suspected Chinese hackers installed custom malware on unpatched SonicWall Secure Mobile Access appliances for long-term persistence in cyber-espionage campaigns.
Customers were also warned in July to urgently patch multiple critical authentication bypass flaws in the company's GMS firewall management and Analytics network reporting products.
SonicWall's customer list includes over 500,000 businesses from more than 215 countries and territories, including government agencies and some of the largest companies worldwide.
Originally published on www.bleepingcomputer.com. Publication date: Mon, 15 Jan 2024 18:50:22 +0000