CVE-2022-22273

2022-03-1701:40:09

CWE-78

sonicwall

www.cve.org

cve-2022-22273

os command injection

sra

sma

firmware versions

AI Score

9.9

Confidence

High

EPSS

0.001

Percentile

50.4%

JSON

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

CNA Affected

[
  {
    "product": "SonicWall SRA/SMA100",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "SRA Series 9.0.0.5-19sv and earlier versions."
      },
      {
        "status": "affected",
        "version": "SMA100 Series 9.0.0.9-26sv and earlier versions."
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001