SonicWall: Patch critical SQL injection bug immediately


SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products.

“SonicWall PSIRT strongly suggests that organizations using the Analytics On-Prem version outlined below should upgrade to the respective patched version immediately,” warns SonicWall in an advisory.

The flaw, tracked as CVE-2022-22280, allows SQL injection due to improper neutralization of special elements used in an SQL Command.

It carries a severity rating of 9.4, categorizing it as “critical”. It is exploitable from the network without requiring authentication or user interaction, and it has low attack complexity.

Severity rating for CVE-2022-22280

SonicWall clarifies that they are not aware of any reports of active exploitation in the wild or the existence of a proof of concept (PoC) exploit for this vulnerability as of yet.

However, applying the available security updates and mitigations is crucial to minimize the chances of attackers exploiting the bug.

SQL injection is a bug that lets attackers modify a legitimate SQL query so that it behaves in unexpected ways, by entering a specially crafted string in a web page’s form or URL query variables.

Using this flaw, attackers can access data they usually should not have access to, bypass authentication, or potentially delete data from the database.

Considering the widespread deployment of SonicWall GMS and Analytics, which are used for central management, rapid deployment, real-time reporting, and data insight, the attack surface is significant and typically sits inside critical organizations.

The recommended action to resolve this vulnerability is to upgrade to GMS 9.3.1-SP2-Hotfix-2 or later and Analytics 2.5.0.3-Hotfix-1 or later. Any version number below these is vulnerable to CVE-2022-22280.
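For administrators checking an asset inventory against these two fixed releases, the following is an added example, not SonicWall's code or part of the original article. It assumes version strings take the form `base[-SPn][-Hotfix-n]` and that a missing service pack or hotfix sorts below any numbered one; the hostnames and installed versions in the sample are constructed.

```python
import re

# Fixed releases named in the article; anything below these is vulnerable.
FIXED = {"GMS": "9.3.1-SP2-Hotfix-2", "Analytics": "2.5.0.3-Hotfix-1"}

# Assumed version layout: dotted base, optional -SPn, optional -Hotfix-n.
_VERSION = re.compile(
    r"^(?P<base>\d+(?:\.\d+)*)(?:-SP(?P<sp>\d+))?(?:-Hotfix-(?P<hf>\d+))?$",
    re.IGNORECASE,
)

def parse(version):
    """Return (base tuple, service pack, hotfix); missing SP/hotfix count as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    base = tuple(int(p) for p in m.group("base").split("."))
    return base, int(m.group("sp") or 0), int(m.group("hf") or 0)

def is_vulnerable(product, version):
    """True if the version sorts below the fixed release for that product."""
    base, sp, hf = parse(version)
    fbase, fsp, fhf = parse(FIXED[product])
    # Pad numeric parts so 9.3 compares as 9.3.0 against 9.3.1.
    width = max(len(base), len(fbase))
    pad = lambda t: t + (0,) * (width - len(t))
    return (pad(base), sp, hf) < (pad(fbase), fsp, fhf)

def triage(inventory):
    """Split an inventory into hosts to patch and entries needing manual review."""
    to_patch, review = [], []
    for host, product, version in inventory:
        try:
            if is_vulnerable(product, version):
                to_patch.append(host)
        except (KeyError, ValueError):
            review.append(host)  # unknown product or odd version: do not guess
    return to_patch, review

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("gms-01", "GMS", "9.3.1-SP2-Hotfix-2"),
    ("gms-02", "GMS", "9.3.1-SP2-Hotfix-1"),
    ("gms-03", "GMS", "9.3.1-SP1"),
    ("ana-01", "Analytics", "2.5.0.3"),
    ("ana-02", "Analytics", "2.5.0.4"),
    ("ana-03", "Analytics", "build-unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entries that fail to parse are routed to manual review rather than being reported as patched.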

Additionally, SonicWall recommends the incorporation of a Web Application Firewall (WAF), which should be adequate for blocking SQL injection attacks even on unpatched deployments.

Currently, there is no workaround available for this vulnerability, so all administrators are advised to apply the available security updates.