OpenSSL Infinite Loop Vulnerability CVE-2022-0778 – Impact on SonicWall Edge Appliances (NGFW, SMA) & VPN Clients

First Published:04/12/2022 Last Updated:05/06/2022

  • What is OpenSSL and how is it used in SonicWall products?

    OpenSSL is an open-source implementation of SSL and TLS protocols. It is a software library for applications to communicate securely. More information about OpenSSL cryptography and tool kit can be found at www.openssl.org.

    Several SonicWall products use the OpenSSL library to secure communication to and from the appliance. Examples include secure web management of the appliance, terminating remote access connectivity (e.g., SMA, firewall remote access), decrypting and encrypting secure connections (DPI-SSL).

  • What is OpenSSL vulnerability CVE-2022-0778?
    A vulnerability (CVE-2022-0778) was found in OpenSSL that causes the OpenSSL library to enter an infinite loop causing a denial-of-service (DoS) attack by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may lead to a DoS attack.

  • What is the impact of this vulnerability?
    The vulnerability impacts any organization or vendor using vulnerable OpenSSL versions. If a vulnerable SonicWall product(s) parses an externally supplied crafted certificate, then it may lead to a DoS attack. That is, it may exhaust the CPU with 100% usage or may cause web GUI unresponsiveness to users due to triggering an infinite loop by malicious crafted certificate.

  • Which versions of OpenSSL are impacted?
    This issue affects all products, regardless of vendor, using OpenSSL versions 1.0.2, 1.1.1 and 3.0. The vulnerability was fixed in the releases of 1.1.1n and 3.0.2 on March 15, 2022.

  • What is the severity of this vulnerability?
    It is a ‘High’ severity vulnerability with a CVSS base score of 7.5. A successful attack can result in the appliance becoming unresponsive.

  • Which SonicWall products are impacted by the OpenSSL vulnerability?
    SonicWall is investigating all its product lines to determine which products and cloud services may be affected by this vulnerability. For the latest updates, please check SonicWall OpenSSL advisory (SNWLID-2022-0002).

  • Did SonicWall release IPS signatures to protect its customers?
    SonicWall released the following IPS signatures to protect vulnerable systems. These signatures are automatically applied via its automated signature deployment with a valid IPS subscription. SonicWall Capture Labs published its research about this vulnerability in a recent SonicAlert.

    • IPS: 15407 OpenSSL BN_mod_sqrt Function DoS 1
    • IPS: 15491 OpenSSL BN_mod_sqrt Function DoS 2
    • IPS: 15351 OpenSSL BN_mod_sqrt Function DoS 3
    • IPS: 15755 OpenSSL BN_mod_sqrt Function DoS 4

  • What is the impact of this vulnerability on SonicWall firewall appliances?
    The impact is high. The target appliance will become unresponsive if a DoS attack is successful.
    All Gen 5, Gen 6, Gen 6.5 and Gen 7 series physical and virtual firewalls are affected. Please refer to table below for complete details. SonicWall recommends applying the patches immediately on affected firewall appliances as patches become available.

    Firewall GenerationModelsVulnerable OpenSSL 
    Version Used?
    Impact/RecommendationFixed Version
    Gen 5 SeriesSOHO
    TZ100/W
    TZ200/W
    TZ210/W
    NSA 220/W
    NSA 250M/250M-W
    NSA 2400/MX/3500/4500/5500
    NSA E5500/6500/6500/8500/8510
    YesHIGH

    SonicWall recommends applying the patch on affected firewalls immediately.
    SonicOS 5.9.2.14 (SOHO)

    Only the listed Gen 5 SOHO is currently supported. SonicWall is not releasing patches for other impacted EOL Gen 5 products listed. Please refer to SonicWall product life tables for more information. 
    Gen 6/6.5 SeriesSOHO-W, SOHO-250
    TZ300/W; TZ350/W
    TZ400/W
    TZ500/W
    TZ600
    NSa 2600/2650/3600/3650/4600/4650/5600/5650/6600/6650
    SuperMassive 9200/9400/9600/9800
    NSa 9250/9450/9650
    NSsp 12400/12800
    NSv 10/25/50/100/200/400/800/1600 (ESX, KVM, HYPER-V, AWS, Azure)
    YesHIGH

    SonicWall recommends applying the patch on affected firewalls immediately.
    SonicOS 6.5.4.10-95n
    Gen 7 SeriesTZ270/W
    TZ370/W
    TZ470/W
    TZ570/W
    TZ670
    NSa 2700/3700/4700/5700/6700
    NSsp 10700/11700/13700/15700
    NSv 270/470/870 (ESX, KVM, HYPER-V, AWS, Azure)
    YesHIGH

    SonicWall recommends applying the patch on affected firewalls immediately.

    SonicOS 7.0.1-5052








    For assistance upgrading the firmware on your firewall, please reference the following KB article:

  • What is the impact of this vulnerability on SonicWall Secure Mobile Access (SMA) appliances?
    The impact is high. A successful attack can result in the appliance becoming unresponsive.
    All SMA 100 and 1000 series physical and virtual appliances are affected. Please refer to table below for specific models. SonicWall recommends applying the patches immediately on affected SMA 100 and/or SMA 1000 series appliances as patches become available.

    ProductModelsVulnerable OpenSSL Used?Impact/RecommendationFixed Version
    SMA 100 SeriesSMA 210/410
    SMA 500v (ESX, KVM, Hyper-V, AWS, Azure)
    YesHIGH

    SonicWall recommends applying the patch on affected SMA appliances immediately.
    Available Late April 2022
    SMA 1000 SeriesSMA 6200/7200/6210/7210
    SMA 8200v
    (ESX, KVM, Hyper-V, AWS, Azure)
    Yes

                                HIGH

    SonicWall recommends applying the patch on affected SMA appliances immediately.

    12.4.1-02965
    12.1.0-07081


    For assistance upgrading the firmware on your SMA appliance, please reference the following KB articles:

  • What is the impact of this vulnerability on SonicWall VPN/remote access clients?
    Low. SonicWall will be releasing patches for affected client versions. Please reference the below table for details. 

    Client TypeVulnerable OpenSSL Used?ImpactAdditional CommentsFixed Version
    Global VPN Client (GVC)NoN/AN/AN/A
    Connect Tunnel Version 12.1 & EarlierNoN/AConnect Tunnel version 12.1 and earlier do not use OpenSSL and are not vulnerable.N/A
    Connect Tunnel Version 12.4YesLow

    Low impact of DoS on client workstation. When a vulnerable workstation is attacked, the endpoint will exhibit high CPU usage.
    Exploitation requires the client to actively connect to a malicious device, rather than the SMA 1000 appliance. Availability Mid-May 2022
    NetExtender for LinuxYesLow

    Low impact of DoS on client workstation. When a vulnerable workstation is attacked, the end point will exhibit high CPU usage.
    Linux clients prior to 10.2.839 are impacted.OpenSSL has been upgraded remediating CVE-2022-0778 in version 10.2.839. Patched NetExtender Linux (32 and 64 bit) version 10.2.839 is available for download on mysonicwall.com.
    NetExtender for Windows
    (All Versions)
    NoN/AN/AN/A
    Mobile Connect for iOSYesLow

    Low impact of DoS on client workstation. When a vulnerable workstation is attacked, the end point will exhibit high CPU usage
    iOS clients prior to 5.0.11 are impacted.OpenSSL has been upgraded to 1.1.1n, remediating CVE-2022-0778, in the following release: 5.0.11. Patched Mobile Connect is available for download in iOS App Store.
    Mobile Connect for MacOSYesLow

    Low impact of DoS on client workstation. When a vulnerable workstation is attacked, the end point will exhibit high CPU usage.
    MacOS clients prior to 5.0.10 are impacted.Availability Mid-May 2022
    Mobile Connect for Android and ChromeOSYesLow

    Low impact of DoS on client workstation. When a vulnerable workstation is attacked, the end point will exhibit high CPU usage.
    Android clients prior to 5.0.18 are impacted.Availability Mid-May 2022
  • Are there any temporary workarounds/mitigation available?
    To reduce the risk of attack, SonicWall recommends enabling the following IPS signatures on SonicWall firewall appliances:
    • IPS: 15407 OpenSSL BN_mod_sqrt Function DoS 1
    • IPS: 15491 OpenSSL BN_mod_sqrt Function DoS 2
    • IPS: 15351 OpenSSL BN_mod_sqrt Function DoS 3
    • IPS: 15755 OpenSSL BN_mod_sqrt Function DoS 4

Customers are recommended to upgrade to relevant patch releases as they become available. For the latest updates on the advisory and recommended patch releases, please check SonicWall OpenSSL advisory.

Additional Resources


Trace:d62c1600f02b62e6dd5d68769b847134-94