Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

SonicWall Firewall Flaws Pose Cyber Risks

Opera Browser MyFlaw Security Breach Warning

January 16, 2024
Reading Time: 3 mins read
in Alerts

Over 178,000 SonicWall next-generation firewalls (NGFW) are at risk of denial-of-service (DoS) and potential remote code execution (RCE) attacks due to two identified security flaws, CVE-2022-22274 and CVE-2023-0656. Security researchers from Bishop Fox discovered the vulnerabilities, both caused by the reuse of the same vulnerable code pattern. Scanning SonicWall firewalls with exposed internet-facing management interfaces, the researchers found that 76% of them are susceptible to one or both of these issues. Even if remote code execution is not achieved, attackers could force the appliances into maintenance mode, disrupting normal functionality and potentially impacting VPN access to corporate networks.

While SonicWall’s Product Security Incident Response Team (PSIRT) has no knowledge of the vulnerabilities being exploited in the wild, a proof-of-concept (PoC) exploit for CVE-2022-22274 is available online. The vulnerability was identified using a technical writeup by SSD Labs, which outlined two URI paths triggering the bug. Administrators are strongly advised to ensure that the management interface of SonicWall NGFW appliances is not exposed online and to promptly upgrade to the latest firmware versions. SonicWall’s history includes previous cyber-espionage attacks and ransomware incidents, making the mitigation of these vulnerabilities crucial for over 178,000 affected devices.

The exposure of more than 178,000 SonicWall NGFW devices highlights the critical nature of securing internet-facing infrastructure, with potential risks of DoS and remote code execution. The vulnerabilities were discovered to be present in a significant portion of scanned devices, emphasizing the urgent need for administrators to take preventive measures. Despite SonicWall’s assurance that there is no known exploitation in the wild, the existence of a PoC exploit raises concerns about the potential for malicious actors to exploit these weaknesses. System administrators are urged to follow best practices, including securing management interfaces and applying firmware updates promptly, to mitigate the identified security risks.

Reference:
  • It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable
Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatDenial-of-service attacksJanuary 2024next-generation firewallsNGFWSonicWall
ADVERTISEMENT

Related Posts

Water Curse Group Hits Developers Via GitHub

Water Curse Group Hits Developers Via GitHub

June 17, 2025
Water Curse Group Hits Developers Via GitHub

XDSpy Exploits Windows LNK Zero Day

June 17, 2025
Water Curse Group Hits Developers Via GitHub

CISA Warns Of Apple Zero Click Exploit

June 17, 2025
PyPI Malware Steals AWS, CI/CD, macOS Data

PyPI Malware Steals AWS, CI/CD, macOS Data

June 16, 2025
PyPI Malware Steals AWS, CI/CD, macOS Data

Image Hiding in DNS TXT Records

June 16, 2025
PyPI Malware Steals AWS, CI/CD, macOS Data

IBM Backup Service Flaw Allows Elevated Access

June 16, 2025

Latest Alerts

Water Curse Group Hits Developers Via GitHub

XDSpy Exploits Windows LNK Zero Day

CISA Warns Of Apple Zero Click Exploit

PyPI Malware Steals AWS, CI/CD, macOS Data

IBM Backup Service Flaw Allows Elevated Access

Image Hiding in DNS TXT Records

Subscribe to our newsletter

    Latest Incidents

    Zoomcar Data Breach Hits 8.4 Million Users

    Qilin Gang Leaks Asefa FC Barcelona Data

    Gunra Claims 45TB Hack On Colombia Justice

    Hackers Leak 10K VirtualMacOSX Customer Data

    Canada WestJet Airline Contains Cyberattack

    Washington Post Investigates Cyberattack on Emails

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial