Security Notice: Critical Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS

First Published:03/23/2022 Last Updated:03/29/2022

A stack-based buffer overflow vulnerability in SonicOS via HTTP request allows a remote unauthenticated attacker to cause a Denial of Service (DoS) or potentially results in a code execution in the firewall.

SonicWall's Product Security Incident Response Team (PSIRT) is not aware of active exploitation in the wild. No reports of a proof of concept (PoC) have been made public and malicious use of this vulnerability has not been reported to SonicWall.

SonicWall strongly urges organizations using impacted SonicWall firewalls listed below to follow the provided guidance.

NOTE:
This vulnerability ONLY impacts the SonicOS web management interface. The SonicOS SSLVPN interface is not impacted.

 

IMPACTED

An unauthenticated stack-based buffer overflow in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

The below SonicWall appliances are impacted by this vulnerability.

Impacted PlatformsImpacted Version
TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 8707.0.1-5050 and earlier
NSsp 157007.0.1-R579 and earlier
NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 16006.5.4.4-44v-21-1452 and earlier

 

UNIMPACTED

The following firewall platforms are not impacted.

Unimpacted Firewall GenerationUnimpacted Platforms
SonicWall Gen5 FirewallsSOHO, TZ100, TZ100W, TZ105, TZ105W, TZ200, TZ200W, TZ205, TZ205W, TZ210, TZ210W, TZ215, TZ215W, NSA220, NSA220W, NSA240, NSA2400, NSA2400MX, NSA250M, NSA250MW, NSA3500, NSA4500, NSA5000, NSAE5500, NSAE6500, NSAE7500, NSAE8500, NSAE8510
SonicWall Gen6 FirewallsSOHOW, SOHO 250, SOHO 250W, TZ300, TZ300P, TZ300W, TZ350, TZ350W, TZ400, TZ400W, TZ500, TZ500W, TZ600, TZ600P , NSA 2600, NSA3600, NSA4600, NSA5600, NSA6600, SM9200, SM9400, SM9400, SM9600, SM9800, SM10200, SM10400, SM10800, NSsp12400, NSsp12800
SonicWall Gen 6.5 FirewallsNSa 2650, NSa3650, NSa4650, NSa5650, NSa6650, NSa9250, NSa9450, NSa9650

 

MITIGATIONS

Until the below patches can be applied SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP). This will only allow management access from trusted source IP addresses. Please refer to the following knowledge base articles:

 

RESOLUTION

Apply applicable ‘Fixed Version’ patch to the affected SonicWall products. For NSsp 15700, continue with the temporary mitigation to avoid exploitation or reach out to the SonicWall support team who can provide you with a hotfix firmware (7.0.1-5030-HF-R844). SonicWall expects an official firmware version with necessary patches for NSsp15700 to be available in mid-April 2022.

ProductImpacted PlatformsImpacted VersionFixed Version
SonicWall FirewallsTZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 8707.0.1-5050 and earlier7.0.1-5051 and higher
SonicWall NSsp FirewallNSsp 157007.0.1-R579 and earlierMid-April (Hotfix build 7.0.1-5030-HF-R844)
SonicWall NSv FirewallsNSv 10, NSv 25, NSv 50, Nsv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 16006.5.4.4-44v-21-1452 and earlier6.5.4.4-44v-21-1519 and higher

 

ADDITIONAL RESOURCES

Trace:dd05288e52973a5809ba22c373a5ba22-70