Skip to content

Defense Digests

Critical Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS

Dataprise Defense Digest 550x550

Table of content


SonicWALL has issued a security notice for a new vulnerability affecting a number of their Firewall appliances running SonicOS. Left unpatched, this vulnerability will allow a remote, unauthenticated attacker to perform Denial of Service (DoS) or remote code execution on the firewall.


This vulnerability currently impacts a wide range of SonicWALL appliances and OS versions:

This vulnerability has been given a CVSS score of 9.4 (CRITICAL) since it can be be performed remotely over the internet with no authentication.


On impacted platforms, an attacker is currently able to craft and send a malicious HTTP request that will allow them to perform remote code execution or DoS remotely without authentication.

No Proof of Concept (PoC) has yet been made public, and SonicWALL has not been notified of any active exploitations in the wild.


Updating software immediately or through regular processes is the only solution to this issue. Apply the applicable ‘Fixed Version’ Patch to affected SonicWALL products:

If immediate patching is not feasible, SonicWALL recommends that administrators limit SonicOS management access to trusted sources by modifying the existing SonicOS management access rules (SSH/HTTPS/HTTP).





  • Daniel Mervis, Cyber Security Analyst
  • Stephen Jones, Vice President, Cybersecurity Services

View all Dataprise Defense Digests here.

Recent Tweets


Learn about the latest threats and vulnerabilities with our D3 alerts.

Subscribe to get real-time notifications when a new Dataprise Defense Digest is published.