PT-2022-18607 · Unknown · Sns Firewall
Published 2022-08-24 · Updated 2024-08-20 · CVE-2022-27812
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SNS firewall versions 3.7.0 through 3.7.29
SNS firewall versions 3.11.0 through 3.11.17
SNS firewall versions 4.2.0 through 4.2.10
SNS firewall versions 4.3.0 through 4.3.6
Description
Flooding the SNS firewall with specific forged traffic can lead to a Denial of Service (DoS). Sending UDP or ICMP traffic with randomized sources across internal-to-internal or external-to-internal interfaces overloads the firewall until it consumes 100% of CPU and RAM and crashes.
Recommendations
For versions 3.7.0 through 3.7.29, consider restricting access to internal interfaces to minimize the risk of exploitation.
For versions 3.11.0 through 3.11.17, restrict external traffic to reduce the likelihood of a DoS attack.
For versions 4.2.0 through 4.2.10, limit the amount of UDP and ICMP traffic allowed through the firewall.
For versions 4.3.0 through 4.3.6, implement rate limiting on incoming traffic to prevent overloading the firewall.
Fix
Related Identifiers
Affected Products
Sns Firewall