SonicWall has announced a SonicOS vulnerability with a CVSS score of 9.4, making this a critical vulnerability. A stack-based buffer overflow vulnerability in the SonicOS can be exploited via HTTP request. This allows a remote unauthenticated attacker to cause Denial of Service (DoS), which can potentially result in code execution on the firewall.

Note this vulnerability ONLY impacts the web management interface – the SonicOS SSLVPN interface isn’t impacted.

We strongly recommend schools using impacted SonicWall firewalls listed below apply the following patches and guidance below.

Impacted products and Fixed software version

ProductImpacted platformsImpacted versionFixed version
SonicWall FirewallsTZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570,TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700,NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700,NSv 270, NSv 470, NSv 870 7.0.1-5050 and earlier 7.0.1-5051 and higher
 SonicWall NSsp Firewall NSsp 15700 7.0.1-R579 and earlier  Mid-April (Hotfix build 7.0.1-5030-HF-R844)
SonicWall NSv FirewallsNSv 10, NSv 25, NSv 50, Nsv 100, NSv 200,NSv, 300, NSv 400, NSv 800, NSv 16006.5.4.4-44v-21-1452 and earlier6.5.4.4-44v-21-1519 and higher 

Workaround (if suggested patches can’t be applied)
Until the above patches can be applied, SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP Management). This will only allow management access from trusted source IP addresses. Please refer to the following articles for more information on this:

> Suggested tips when allowing access to SonicWall web management
> How to restrict admin access to the device

Please refer to Sonicwall advisory for more information.