Critical SonicWall firewall patch not released for all devices

Security hardware manufacturer SonicWall has fixed a critical vulnerability in the SonicOS security operating system that allows denial of service attacks and could lead to remote code execution.
The security flaw is a stack-based buffer overflow weakness that carries a 9.4 CVSS severity score and impacts multiple SonicWall firewalls.
The SonicWall Product Security Incident Response Team says there are no reports of public proof-of-concept exploits, and it found no evidence of exploitation in attacks.
"SonicWall strongly urges organizations using impacted SonicWall firewalls listed below to follow the provided guidance," the company said in a security advisory published on Friday.
The only affected firewall still waiting for a patch against CVE-2022-22274 is the NSsp 15700 enterprise-class high-speed firewall.
The SonicWall support website provides customers with more information on how to restrict admin access and tips on when to allow access to the firewalls' web management interface.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-25 | CVE-2022-22274 | Out-of-bounds Write vulnerability in Sonicwall Sonicos: A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | 9.8 |