Web scans reveal vulnerable SonicWall devices
The Bishop Fox researchers wanted to scan the web and determine how many of the SonicWall firewalls with their administration interfaces exposed have URI paths that are still vulnerable to CVE-2022-22274 and CVE-2023-0656. However, probing for these issues with the actual exploit causes devices to crash, and the researchers wanted to avoid that.
After analyzing how the firewalls responded to requests to the vulnerable URI paths, the researchers worked out a crash-safe way to perform the test and tell patched devices apart from unpatched ones, or from devices that did not have the vulnerable components in the first place. They wrote a scanner in Python and then ran it against a list of devices identified as SonicWall firewalls in the data set from BinaryEdge, a company that runs regular internet-wide scans.
“We exported the entire data set from BinaryEdge, extracted HTTPS URLs, filtered the list to IPv4 (for simplicity – it was a negligible difference), and removed duplicate entries,” the researchers said. “We then wrote a simple script to test reachability and check the response headers. After filtering our results in this way, we ended up with a target set of 234,720 devices.”
After running their crash-free tests, the researchers found that 146,116, or 62% of the devices, were vulnerable to CVE-2022-22274 and that 178,608 (76%) were vulnerable to CVE-2023-0656.
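The target-set preparation the researchers describe (keep HTTPS URLs, keep IPv4 hosts only, drop duplicates) and the percentage tally that follows, as an added Python example that is not Bishop Fox's scanner. The URLs and per-host outcomes below are constructed; nothing is contacted over the network, and the same filtering is useful when building an inventory of one's own exposed management interfaces.

```python
import ipaddress
from urllib.parse import urlsplit


def build_target_set(urls):
    """Return de-duplicated (host, port) pairs for HTTPS URLs whose host is an IPv4 literal."""
    targets, seen = [], set()
    for url in urls:
        parts = urlsplit(url.strip())
        if parts.scheme.lower() != "https" or not parts.hostname:
            continue
        try:
            ipaddress.IPv4Address(parts.hostname)  # rejects DNS names and IPv6 literals
        except ipaddress.AddressValueError:
            continue
        key = (parts.hostname, parts.port or 443)  # default HTTPS port when none is given
        if key not in seen:
            seen.add(key)
            targets.append(key)
    return targets


def percent(count, total):
    """Whole-number share, the way the article reports 62% and 76%."""
    return round(100 * count / total) if total else 0


def vulnerable_share(results, cve):
    """results: {(host, port): set of CVE ids flagged}. Returns (count, percent)."""
    count = sum(1 for flagged in results.values() if cve in flagged)
    return count, percent(count, len(results))


# Constructed input: mixed schemes, a DNS name, an IPv6 literal, duplicates, an explicit port.
SAMPLE_URLS = [
    "https://192.0.2.10/", "http://192.0.2.10/", "https://192.0.2.10:443/",
    "https://192.0.2.11:8443/", "https://fw.example.test/",
    "https://[2001:db8::1]/", "https://192.0.2.12/", "HTTPS://192.0.2.12/",
]

# Constructed per-target outcomes (the article gives no per-device data).
SAMPLE_RESULTS = {
    ("192.0.2.10", 443): {"CVE-2022-22274", "CVE-2023-0656"},
    ("192.0.2.11", 8443): {"CVE-2023-0656"},
    ("192.0.2.12", 443): set(),
}

if __name__ == "__main__":
    print(build_target_set(SAMPLE_URLS))
    for cve in ("CVE-2022-22274", "CVE-2023-0656"):
        print(cve, vulnerable_share(SAMPLE_RESULTS, cve))
```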
“At this point in time, an attacker can easily cause a denial of service using this exploit, but as SonicWall noted in its advisories, a potential for remote code execution exists,” the researchers said. “While it may be possible to devise an exploit that can execute arbitrary commands, more research is needed to overcome several challenges, including PIE, ASLR, and stack canaries.”
Organizations running SonicWall firewalls are strongly urged to upgrade their firmware to the latest available version and to restrict access to the web-based management interface, especially from the internet.