A firewall wake up call. [Research Saturday]

Jon Williams from Bishop Fox is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities.
The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when …

bishop fox call cve devices firewall firewalls found fox ngfw research series service sharing sonicwall sonicwall firewalls states unauthenticated vulnerabilities williams