Lucene search

[email protected]NVD:CVE-2022-22273

HistoryMar 17, 2022 - 2:15 a.m.

CVE-2022-22273

2022-03-1702:15:06

CWE-78

[email protected]

web.nvd.nist.gov

os command injection

secure remote access

secure mobile access

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.4%

JSON

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

Affected configurations

Nvd

Node

sonicwallsma_200_firmwareRange≤9.0.0.9-26sv

AND

sonicwallsma_200Match-

Node

sonicwallsma_210_firmwareRange≤9.0.0.9-26sv

AND

sonicwallsma_210Match-

Node

sonicwallsma_400_firmwareRange≤9.0.0.9-26sv

AND

sonicwallsma_400Match-

Node

sonicwallsma_410_firmwareRange≤9.0.0.9-26sv

AND

sonicwallsma_410Match-

Node

sonicwallsma_500v_firmwareRange≤9.0.0.9-26sv

AND

sonicwallsma_500vMatch-

Node

sonicwallsra_4200_firmwareRange≤9.0.0.5-19sv

AND

sonicwallsra_4200Match-

Node

sonicwallsra_4600Match-

AND

sonicwallsra_4600_firmwareRange≤9.0.0.5-19sv

Node

sonicwallsra_1600Match-

AND

sonicwallsra_1600_firmwareRange≤9.0.0.5-19sv

Node

sonicwallsra_1200Match-

AND

sonicwallsra_1200_firmwareRange≤9.0.0.5-19sv

VendorProductVersionCPE
sonicwallsma_200_firmware*cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*
sonicwallsma_200-cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*
sonicwallsma_210_firmware*cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*
sonicwallsma_210-cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*
sonicwallsma_400_firmware*cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*
sonicwallsma_400-cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*
sonicwallsma_410_firmware*cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*
sonicwallsma_410-cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*
sonicwallsma_500v_firmware*cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*
sonicwallsma_500v-cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sonicwall	sma_200_firmware	*	cpe:2.3:o:sonicwall:sma_200_firmware::::::::
sonicwall	sma_200	-	cpe:2.3:h:sonicwall:sma_200:-:::::::*
sonicwall	sma_210_firmware	*	cpe:2.3:o:sonicwall:sma_210_firmware::::::::
sonicwall	sma_210	-	cpe:2.3:h:sonicwall:sma_210:-:::::::*
sonicwall	sma_400_firmware	*	cpe:2.3:o:sonicwall:sma_400_firmware::::::::
sonicwall	sma_400	-	cpe:2.3:h:sonicwall:sma_400:-:::::::*
sonicwall	sma_410_firmware	*	cpe:2.3:o:sonicwall:sma_410_firmware::::::::
sonicwall	sma_410	-	cpe:2.3:h:sonicwall:sma_410:-:::::::*
sonicwall	sma_500v_firmware	*	cpe:2.3:o:sonicwall:sma_500v_firmware::::::::
sonicwall	sma_500v	-	cpe:2.3:h:sonicwall:sma_500v:-:::::::*

Rows per page:

1-10 of 181

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.4%

JSON

Related for NVD:CVE-2022-22273

vulnrichment1 prion1 cve1 cvelist1