SonicWall has announced a SonicOS vulnerability with a CVSS score of 9.4, making this a critical vulnerability. A stack-based buffer overflow vulnerability in the SonicOS can be exploited via HTTP request. This allows a remote unauthenticated attacker to cause Denial of Service (DoS), which can potentially result in code execution on the firewall.
Note this vulnerability ONLY impacts the web management interface – the SonicOS SSLVPN interface isn’t impacted.
We strongly recommend schools using impacted SonicWall firewalls listed below apply the following patches and guidance below.
Impacted products and Fixed software version
|Product||Impacted platforms||Impacted version||Fixed version|
|SonicWall Firewalls||TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570,TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700,NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700,NSv 270, NSv 470, NSv 870||7.0.1-5050 and earlier||7.0.1-5051 and higher|
|SonicWall NSsp Firewall||NSsp 15700||7.0.1-R579 and earlier||Mid-April (Hotfix build 7.0.1-5030-HF-R844)|
|SonicWall NSv Firewalls||NSv 10, NSv 25, NSv 50, Nsv 100, NSv 200,NSv, 300, NSv 400, NSv 800, NSv 1600||18.104.22.168-44v-21-1452 and earlier||22.214.171.124-44v-21-1519 and higher|
Workaround (if suggested patches can’t be applied)
Until the above patches can be applied, SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP Management). This will only allow management access from trusted source IP addresses. Please refer to the following articles for more information on this:
Please refer to Sonicwall advisory for more information.