Vulnerability identifier: #VU61613

Vulnerability risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-22274

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
SonicOS
Operating systems & Components / Operating system
TZ270
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ270W
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ370
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ370W
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ470
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ470W
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ570
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ570W
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ570P
Hardware solutions / Routers & switches, VoIP, GSM, etc
TZ670
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSa 2700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSa 3700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSa 4700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSa 5700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSa 6700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSsp 10700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSsp 11700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSsp 13700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 270
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 470
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 870
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSsp 15700
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 10
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 25
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 50
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 100
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 200
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 300
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 400
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 800
Hardware solutions / Routers & switches, VoIP, GSM, etc
NSv 1600
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: SonicWall

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can send a specially crafted HTTP request, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SonicOS: 6.5.4.4-44v-21-955 - 7.0.1-R1456

TZ270: All versions

TZ270W: All versions

TZ370: All versions

TZ370W: All versions

TZ470: All versions

TZ470W: All versions

TZ570: All versions

TZ570W: All versions

TZ570P: All versions

TZ670: All versions

NSa 2700: All versions

NSa 3700: All versions

NSa 4700: All versions

NSa 5700: All versions

NSa 6700: All versions

NSsp 10700: All versions

NSsp 11700: All versions

NSsp 13700: All versions

NSv 270: All versions

NSv 470: All versions

NSv 870: All versions

NSsp 15700: All versions

NSv 10: All versions

NSv 25: All versions

NSv 50: All versions

NSv 100: All versions

NSv 200: All versions

NSv 300: All versions

NSv 400: All versions

NSv 800: All versions

NSv 1600: All versions

---

External links
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.