History: Mar 14, 2024 - 3:23 a.m.

CVE-2024-22397

2024-03-14 03:23:52
CWE-79
sonicwall
www.cve.org
improper neutralization of input
cross-site scripting
sonicos
sslvpn
firewall
admin
remote attacker

AI Score: 7 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall ‘admin’ user to store and execute arbitrary JavaScript code.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Gen7"
    ],
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1-5145 and earlier versions"
      },
      {
        "status": "affected",
        "version": "7.1.1-7047 and earlier versions"
      }
    ]
  }
]
