Exploitable Flaws In SonicWall Firewalls Have Been Largely Ignored: Researchers

Two vulnerabilities that can enable denial-of-service attacks—and potentially remote code execution—are exploitable in more than 178,000 SonicWall next-generation firewall devices, according to researchers at Bishop Fox.

A pair of SonicWall firewall vulnerabilities that are exploitable over the web have been neglected by the majority of organizations using the devices, according to researchers at offensive security firm Bishop Fox.

The researchers reported that more than 178,000 SonicWall next-generation firewall (NGFW) devices are unpatched against the two vulnerabilities, which were found in 2022 and 2023.


The vulnerabilities affecting SonicWall series 6 and 7 NGFW devices can enable denial-of-service attacks and potentially remote code execution, Bishop Fox researchers wrote in a post Monday.

Of the 233,984 SonicWall firewalls the researchers found with internet-exposed management interfaces, 178,637, or about 76 percent, are vulnerable to at least one of the two issues, the researchers said.

“The impact of a widespread attack could be severe,” the Bishop Fox researchers wrote.

The vulnerabilities are tracked as CVE-2022-22274 and CVE-2023-0656. The latest firmware versions protect against both of the vulnerabilities, the researchers noted.
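Since the only remediation the article names is running current firmware, the practical check is an inventory audit: parse each device's reported SonicOS version, compare it against the minimum patched build for its generation, and flag anything below that line, giving priority to devices whose management interface is exposed to the internet. The script below is an added example written for this page; it is not code from CRN, Bishop Fox or SonicWall. The SonicOS version format it parses (a dotted release, a dash, a build number with an optional letter suffix, for example "7.0.1-5111" or "6.5.4.13-105n") is assumed from the common shape of those strings, and the MINIMUM_BUILDS values are placeholders: replace them with the fixed builds from SonicWall's advisories for CVE-2022-22274 and CVE-2023-0656 before relying on the result. The hostnames and versions in INVENTORY are constructed sample data.

```python
"""Audit a SonicOS firmware inventory against minimum patched builds.

Added example for this article, not vendor or researcher code. The
version grammar and the MINIMUM_BUILDS thresholds are assumptions;
take real fixed builds from SonicWall's advisories for the two CVEs.
"""
import re
from typing import Dict, List, Optional, Tuple

# Placeholder minimum patched versions per major generation (assumed
# values for illustration, NOT taken from the article or an advisory).
MINIMUM_BUILDS: Dict[int, str] = {
    6: "6.5.4.13-105n",
    7: "7.0.1-5111",
}

# release numbers, "-", build number, optional letter suffix, optional tail
# such as "-R2928" or "-21-1452" that is ignored for ordering purposes.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)([A-Za-z]*)(?:-.*)?$")

ParsedVersion = Tuple[Tuple[int, ...], int, str]


def parse_sonicos(version: str) -> ParsedVersion:
    """Turn '7.0.1-5111' into ((7, 0, 1), 5111, '') for tuple comparison.

    Release numbers compare first, then the build number, then the
    lower-cased suffix. Raises ValueError on strings that do not match
    the assumed SonicOS pattern so typos are never silently 'patched'.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version: {version!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    return (release, int(m.group(2)), m.group(3).lower())


def is_patched(version: str,
               minimums: Dict[int, str] = MINIMUM_BUILDS) -> Optional[bool]:
    """True if version >= the minimum for its generation, None if the
    generation (leading release number) has no threshold configured."""
    parsed = parse_sonicos(version)
    generation = parsed[0][0]
    if generation not in minimums:
        return None
    return parsed >= parse_sonicos(minimums[generation])


# Constructed sample inventory: (hostname, SonicOS version, mgmt exposed).
INVENTORY: List[Tuple[str, str, bool]] = [
    ("fw-branch-01", "7.0.1-5050", True),
    ("fw-hq-01", "7.1.1-7040", False),
    ("fw-dc-02", "6.5.4.8-89n", True),
    ("fw-lab-01", "6.5.4.13-105n", True),
]


def audit(inventory: List[Tuple[str, str, bool]],
          minimums: Dict[int, str] = MINIMUM_BUILDS) -> List[Dict[str, str]]:
    """Classify each device; exposed-and-unpatched is the status to fix first."""
    findings = []
    for host, version, exposed in inventory:
        patched = is_patched(version, minimums)
        if patched is None:
            status = "unknown-generation"
        elif patched:
            status = "patched"
        elif exposed:
            status = "unpatched-exposed"
        else:
            status = "unpatched"
        findings.append({"host": host, "version": version, "status": status})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count devices per status so the exposed/unpatched share is visible."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["status"]] = counts.get(f["status"], 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(INVENTORY)
    for row in results:
        print(f"{row['host']:<14} {row['version']:<16} {row['status']}")
    print(summarize(results))
```

Feed `audit()` the version strings your management tooling already reports; the important design choice is that an unparseable or unknown-generation version never counts as patched, so anything odd surfaces for manual review rather than disappearing from the list.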

In a statement provided to CRN Tuesday, SonicWall said it has been steadily working to encourage partners and customers to upgrade their device firmware.

“SonicWall has proactively reached out to partners and customers several times over the past year to ensure maximum adoption of the relevant patches,” the company said in the statement.

SonicWall noted that it has reviewed relevant case logs and “has seen no active exploitation of the affected firmware in the wild.”

Additionally, an automatic firmware update capability was introduced in SonicOS 7.1.1 to protect against critical vulnerabilities going forward, the company said.