SonicOS Buffer Overflow Vulnerability Allows Remote DoS or Code Execution
CVE-2022-22274
9.8CRITICAL
Key Information
- Vendor
- Sonicwall
- Status
- Sonicos
- Vendor
- CVE Published:
- 25 March 2022
Badges
👾 Exploit Exists🔴 Public PoC
Summary
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.
Affected Version(s)
SonicOS = SonicOS 7.0.1-5050 and earlier
SonicOS = SonicOS 7.0.1-R579 and earlier
SonicOS = SonicOSv 6.5.4.4-44v-21-1452 and earlier
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Refferences
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 🔴
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database1 Proof of Concept(s)