Remote code execution

2022-07-2920:15:00

PRIOn knowledge base

www.prio-n.com

code execution

neutralization vulnerability

user input

host system

sonicwall switch

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.8%

JSON

Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions

CPENameOperatorVersion
sws12-10fpoe_firmwareeq< 1.2.0.0-3
sws12-8_firmwareeq< 1.2.0.0-3
sws12-8poe_firmwareeq< 1.2.0.0-3
sws14-24_firmwareeq< 1.2.0.0-3
sws14-24fpoe_firmwareeq< 1.2.0.0-3
sws14-48_firmwareeq< 1.2.0.0-3
sws14-48fpoe_firmwareeq< 1.2.0.0-3

Name	Operator	Version
sws12-10fpoe_firmware	eq	< 1.2.0.0-3
sws12-8_firmware	eq	< 1.2.0.0-3
sws12-8poe_firmware	eq	< 1.2.0.0-3
sws14-24_firmware	eq	< 1.2.0.0-3
sws14-24fpoe_firmware	eq	< 1.2.0.0-3
sws14-48_firmware	eq	< 1.2.0.0-3
sws14-48fpoe_firmware	eq	< 1.2.0.0-3

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0013