CVE-2022-1703

2022-06-0321:10:10

CWE-78

sonicwall

www.cve.org

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

CNA Affected

[
  {
    "product": "SMA100",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "10.2.1.4-31sv and earlier"
      },
      {
        "status": "affected",
        "version": "10.2.0.9-41sv and earlier"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010