Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU61613
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-22274
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can send a specially crafted HTTP request, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSonicOS: 6.5.4.4-44v-21-955 - 7.0.1-R1456
TZ270: All versions
TZ270W: All versions
TZ370: All versions
TZ370W: All versions
TZ470: All versions
TZ470W: All versions
TZ570: All versions
TZ570W: All versions
TZ570P: All versions
TZ670: All versions
NSa 2700: All versions
NSa 3700: All versions
NSa 4700: All versions
NSa 5700: All versions
NSa 6700: All versions
NSsp 10700: All versions
NSsp 11700: All versions
NSsp 13700: All versions
NSv 270: All versions
NSv 470: All versions
NSv 870: All versions
NSsp 15700: All versions
NSv 10: All versions
NSv 25: All versions
NSv 50: All versions
NSv 100: All versions
NSv 200: All versions
NSv 300: All versions
NSv 400: All versions
NSv 800: All versions
NSv 1600: All versions
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.