A significant security concern has been raised for organizations using SonicWall next-generation firewalls (NGFW). Here’s what you need to know.
Security experts have identified more than 178,000 SonicWall series 6 and series 7 firewalls whose management interfaces are accessible online and that are at risk from two critical vulnerabilities. These vulnerabilities could lead to denial-of-service (DoS) attacks and potentially allow remote code execution (RCE).
The vulnerabilities in question are:
Although they were disclosed a year apart, these vulnerabilities are fundamentally similar; they differ in the HTTP URI paths required for exploitation. SonicWall released patches for the two vulnerabilities in March 2022 and March 2023, respectively.
The SSD Secure Disclosure team has even published a proof-of-concept (PoC) for CVE-2023-0656, which demonstrates the exploit. Such PoCs often serve as a blueprint for threat actors to develop and deploy their own exploits.
Nuspire, in response to these emerging threats, actively conducts threat hunts within client environments to detect signs of compromise. This proactive approach aims to identify and neutralize potential vulnerabilities before threat actors can exploit them.
The potential impact of these vulnerabilities being exploited is severe. SonicOS is configured by default to restart after a crash. However, if the system crashes three times in quick succession, it enters maintenance mode, necessitating administrative intervention to resume normal operations.
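The restart-then-maintenance-mode behaviour described above can be watched for from the monitoring side. The following is an added example, not code from SonicWall or Nuspire: it infers restarts from periodically polled uptime values and flags an appliance that reaches three restarts inside a window. The 10-minute window, the 5-second jitter tolerance, the device names and the sample data are all assumptions or constructed values.

```python
from datetime import datetime, timedelta

CRASH_LIMIT = 3                  # from the article: third crash -> maintenance mode
WINDOW = timedelta(minutes=10)   # assumption: "quick succession" is not quantified
JITTER = timedelta(seconds=5)    # tolerance for poll latency / clock skew

def boot_times(samples):
    """Infer restarts from (poll_time, uptime_seconds) samples.

    Each sample implies a boot time (poll_time - uptime). When that estimate
    moves forward by more than JITTER, the device restarted between polls.
    Several restarts inside one poll interval are seen as one.
    """
    boots, last_boot = [], None
    for poll_time, uptime in sorted(samples):
        boot = poll_time - timedelta(seconds=uptime)
        if last_boot is not None and boot - last_boot > JITTER:
            boots.append(boot)
        last_boot = boot
    return boots

def classify(samples, window=WINDOW, limit=CRASH_LIMIT):
    """Return 'ok', 'warning' (restarts below the limit) or 'critical'."""
    boots = boot_times(samples)
    worst = max((sum(1 for b in boots[i:] if b - start <= window)
                 for i, start in enumerate(boots)), default=0)
    if worst >= limit:
        return "critical"
    return "warning" if worst else "ok"

def _polls(uptimes, step=60):
    """Constructed sample data: one poll every `step` seconds."""
    t0 = datetime(2024, 1, 15, 9, 0, 0)
    return [(t0 + timedelta(seconds=i * step), u) for i, u in enumerate(uptimes)]

# Constructed inventory; device names are hypothetical.
FLEET = {
    "fw-stable":   _polls([86400, 86460, 86520, 86580]),
    "fw-one-boot": _polls([86400, 20, 80, 140]),
    "fw-looping":  _polls([86400, 20, 80, 15, 30, 90]),
}

if __name__ == "__main__":
    for name, samples in FLEET.items():
        print(name, classify(samples), [b.isoformat() for b in boot_times(samples)])
```

Comparing implied boot times rather than raw uptime values catches a restart even when the post-restart uptime happens to exceed the previous reading.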
To protect your organization from these threats, it is crucial to:
By taking these steps, you can significantly reduce the risk of falling victim to these vulnerabilities and maintain the integrity of your network security.