A critical SonicOS vulnerability affecting SonicWall firewall appliances is actively being monitored. Currently, this vulnerability impacts 31 different SonicWall Firewall devices running the following versions:
Tracked as CVE-2022-22274
, the issue is described as a stack-based buffer overflow vulnerability in the SonicOS that could allow a remote, unauthenticated attacker to cause a Denial of Service (DoS) via HTTP request. This vulnerability could also allow remote code execution (RCE) in the firewall. SonicWall has released a security notice
urging users to apply the ‘fixed version’ patch applicable to their affected product immediately.
If you are unable to patch immediately, SonicWall strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP). This will only allow management access from trusted source IP addresses. Refer to their documentation for more instructions:
Pegasus Web Security provides an extra layer of security to help protect your business from cyberattacks. We understand the importance of protecting your business and its information, which is why we offer a variety of services to fit your needs. To learn more about what we do and how we can help keep you protected, visit our website or contact us today.