CVE-2022-2915 An Heap Buffer Overflow vulnerability in the SonicWall SMA100 appliance can lead to Denial of Service or code execution.
A user with low privilege level (e.g. “Guest”) can place a malicious crafted string into the password field on the management interface, and this will cause the system to crash. An attacker can exploit this vulnerability by sending a malicious crafted string to the management interface, and the system will crash. There is no workaround for this vulnerability. As a best practice, it is recommended to always use caution when providing user credentials. An attacker can exploit this vulnerability by sending a malicious crafted string to the management interface, and the system will crash. There is no known workaround at this time.
A buffer overflow issue was discovered in the OpenSSL library that may allow an attacker to conduct a denial-of-service (DoS) attack. In most circumstances, an attacker would have to know specific information (such as a password) in order to exploit this vulnerability. An attacker can exploit this vulnerability by attempting to load known maliciously crafted data into the secure communication channel between an appliance and a remote device. An attacker can exploit this vulnerability by attempting to load known maliciously crafted data into the secure communication channel between an appliance and a remote device.
An attacker can exploit this vulnerability by attempting to load known maliciously crafted data into the secure communication channel between an appliance and a remote device
Vulnerable Packages
This vulnerability affects the following packages.
- appliance
- routerOS
- deviceOS
Categories and Severity Rating
Categories: High
Severity Rating: Critical
The vulnerability is in the OpenSSL library. This vulnerability affects all devices running an affected version of the OpenSSL library. There are no known workarounds at this time.
Vulnerable Versions CVE-2017-3732
A vulnerability in a certain configuration of the OpenSSL library could allow an attacker to conduct a denial-of-service (DoS) attack. In most circumstances, an attacker would have to know specific information (such as a password) in order to exploit this vulnerability. An attacker can exploit this vulnerability by attempting to load known maliciously crafted data into the secure communication channel between an appliance and a remote device.
Vulnerable code: static int cb_connect(SSL *s, int readahead)
SSL *s = NULL;
int ret = 0;
unsigned long l = 0;
int readahead = 1;
if (l == -1) { return -1; } // This will do nothing if the peer doesn't have SSL configured. if (! s || ! s->ssl() || ! s->init(0, 0, &cb_connect)) { return -1; }
if (l > readahead) return -1; // If the buffer is too big then we can't connect. if ((size_t)(l-readahead) > BUFSIZE) { return -1; } // Okay, we're good to go! ret = s->do_ssl(cb_connect);
Timeline
Published on: 08/26/2022 21:15:00 UTC
Last modified on: 09/01/2022 19:27:00 UTC