SonicWall has recently addressed the critical vulnerability, CVE-2022-22280, that has a severity rating of 9.4. This vulnerability impacts SonicWall Global Management System (GMS) and its Analytics On-Prem. Upon exploit, the vulnerability allows malicious actors to perform unauthenticated SQL injection due to improper neutralization of special elements used in an SQL Command. SonicWall PSIRT is not aware of active exploitation in the wild or any public proof of concept (PoC).
What is the threat?
The CVE-2002-22280 vulnerability impacts SonicWall GMS 9.3.1-SP2-Hotfix-1 and earlier, as well as Analytics On-Prem 2.5.0.3-2520 and earlier. This vulnerability allows malicious actors to bypass authentication to alter SQL commands as it does not neutralize or incorrectly neutralizes special elements that can be interpreted as control elements or syntactic markers when they are sent to a downstream component.
Why is it noteworthy?
SonicWall GMS and Analytics On-Prem are used for central management, rapid deployment, real-time reporting, and data insight affecting a wide area of critical components of an organization. Utilizing the vulnerability could allow the attacker access to view, add, modify or delete information in the back-end database without authentication. There is no workaround to mitigate this vulnerability but incorporating a Web Application Firewall (WAF) can reduce the likelihood of exploitation.
What is the exposure or risk?
When exploited, the malicious actor may modify the back-end database, possibly including execution of system commands. The primary concern is that malicious actor can bypass authentication, allowing them to perform the attack with ease while disrupting business operations and stealing sensitive information. This means a successful injection will allow the malicious actor access to execute administrative commands.
What are the recommendations?
Barracuda MSP recommends the following actions:
- Upgrade SonicWall Analytics to Analytics 2.5.0.3-Hotfix-1
- Upgrade SonicWall GMS to GMS 9.3.1-SP2-Hotfix-2.
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.sonicwall.com/support/knowledge-base/security-notice-sonicwall-analytics-on-prem-sql-injection-vulnerability/220613083254037/
- https://www.sonicwall.com/support/notices/security-notice-sonicwall-gms-sql-injection-vulnerability/220613083124303/
- https://www.bleepingcomputer.com/news/security/sonicwall-patch-critical-sql-injection-bug-immediately/
- https://cwe.mitre.org/data/definitions/138.html
- https://www.redpacketsecurity.com/sonicwall-global-management-system-gms-and-analytics-sql-injection-cve-2022-22280/
If you have any questions, please contact our Security Operations Center.