Security Notice: Critical Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS

First Published:03/23/2022 Last Updated:03/29/2022

A stack-based buffer overflow vulnerability in SonicOS via HTTP request allows a remote unauthenticated attacker to cause a Denial of Service (DoS) or potentially results in a code execution in the firewall.

SonicWall's Product Security Incident Response Team (PSIRT) is not aware of active exploitation in the wild. No reports of a proof of concept (PoC) have been made public and malicious use of this vulnerability has not been reported to SonicWall.

SonicWall strongly urges organizations using impacted SonicWall firewalls listed below to follow the provided guidance.

NOTE:
This vulnerability ONLY impacts the SonicOS web management interface. The SonicOS SSLVPN interface is not impacted.

 

IMPACTED

An unauthenticated stack-based buffer overflow in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

The below SonicWall appliances are impacted by this vulnerability.

Impacted Platforms Impacted Version
TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 7.0.1-5050 and earlier
NSsp 15700 7.0.1-R579 and earlier
NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 6.5.4.4-44v-21-1452 and earlier

 

UNIMPACTED

The following firewall platforms are not impacted.

Unimpacted Firewall Generation Unimpacted Platforms
SonicWall Gen5 Firewalls SOHO, TZ100, TZ100W, TZ105, TZ105W, TZ200, TZ200W, TZ205, TZ205W, TZ210, TZ210W, TZ215, TZ215W, NSA220, NSA220W, NSA240, NSA2400, NSA2400MX, NSA250M, NSA250MW, NSA3500, NSA4500, NSA5000, NSAE5500, NSAE6500, NSAE7500, NSAE8500, NSAE8510
SonicWall Gen6 Firewalls SOHOW, SOHO 250, SOHO 250W, TZ300, TZ300P, TZ300W, TZ350, TZ350W, TZ400, TZ400W, TZ500, TZ500W, TZ600, TZ600P , NSA 2600, NSA3600, NSA4600, NSA5600, NSA6600, SM9200, SM9400, SM9400, SM9600, SM9800, SM10200, SM10400, SM10800, NSsp12400, NSsp12800
SonicWall Gen 6.5 Firewalls NSa 2650, NSa3650, NSa4650, NSa5650, NSa6650, NSa9250, NSa9450, NSa9650

 

MITIGATIONS

Until the below patches can be applied SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP). This will only allow management access from trusted source IP addresses. Please refer to the following knowledge base articles:

 

RESOLUTION

Apply applicable ‘Fixed Version’ patch to the affected SonicWall products. For NSsp 15700, continue with the temporary mitigation to avoid exploitation or reach out to the SonicWall support team who can provide you with a hotfix firmware (7.0.1-5030-HF-R844). SonicWall expects an official firmware version with necessary patches for NSsp15700 to be available in mid-April 2022.

Product Impacted Platforms Impacted Version Fixed Version
SonicWall Firewalls TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 7.0.1-5050 and earlier 7.0.1-5051 and higher
SonicWall NSsp Firewall NSsp 15700 7.0.1-R579 and earlier Mid-April (Hotfix build 7.0.1-5030-HF-R844)
SonicWall NSv Firewalls NSv 10, NSv 25, NSv 50, Nsv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 6.5.4.4-44v-21-1452 and earlier 6.5.4.4-44v-21-1519 and higher

 

ADDITIONAL RESOURCES