Lucene search

[email protected]CVE-2022-2324

HistoryJul 29, 2022 - 9:15 p.m.

CVE-2022-2324

2022-07-2921:15:09

CWE-290

CWE-358

[email protected]

web.nvd.nist.gov

cve-2022-2324

vulnerability

sonicwall hosted email security

capture atp

bypass

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions

Affected configurations

NVD

Node

sonicwallemail_securityRange≤10.0.17.7319

CPENameOperatorVersion
sonicwall:email_securitysonicwall email securityle10.0.17.7319

CPE	Name	Operator	Version
sonicwall:email_security	sonicwall email security	le	10.0.17.7319

CNA Affected

[
  {
    "product": "SonicWall Email Security",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.17.7319 and earlier"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0014

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

Related for CVE-2022-2324

prion1 cvelist1 nvd1