Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-22274 |
CWE-ID | CWE-121 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software |
SonicOS (Operating systems & Components / Operating system)
TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870, NSsp 15700, NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | SonicWall |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU61613
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2022-22274
CWE-ID: CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can send a specially crafted HTTP request, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
SonicOS: 6.5.4.4-44v-21-955 - 7.0.1-5050
TZ270: All versions
TZ270W: All versions
TZ370: All versions
TZ370W: All versions
TZ470: All versions
TZ470W: All versions
TZ570: All versions
TZ570W: All versions
TZ570P: All versions
TZ670: All versions
NSa 2700: All versions
NSa 3700: All versions
NSa 4700: All versions
NSa 5700: All versions
NSa 6700: All versions
NSsp 10700: All versions
NSsp 11700: All versions
NSsp 13700: All versions
NSv 270: All versions
NSv 470: All versions
NSv 870: All versions
NSsp 15700: All versions
NSv 10: All versions
NSv 25: All versions
NSv 50: All versions
NSv 100: All versions
NSv 200: All versions
NSv 300: All versions
NSv 400: All versions
NSv 800: All versions
NSv 1600: All versions
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.