Stack-based buffer overflow in SonicWall SonicOS

1) Stack-based buffer overflow

EUVDB-ID: #VU61613

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-22274

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can send a specially crafted HTTP request, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: 6.5.4.4-44v-21-955 - 7.0.1-R1456

TZ270: All versions

TZ270W: All versions

TZ370: All versions

TZ370W: All versions

TZ470: All versions

TZ470W: All versions

TZ570: All versions

TZ570W: All versions

TZ570P: All versions

TZ670: All versions

NSa 2700: All versions

NSa 3700: All versions

NSa 4700: All versions

NSa 5700: All versions

NSa 6700: All versions

NSsp 10700: All versions

NSsp 11700: All versions

NSsp 13700: All versions

NSv 270: All versions

NSv 470: All versions

NSv 870: All versions

NSsp 15700: All versions

NSv 10: All versions

NSv 25: All versions

NSv 50: All versions

NSv 100: All versions

NSv 200: All versions

NSv 300: All versions

NSv 400: All versions

NSv 800: All versions

NSv 1600: All versions

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.