CVE-2022-22273 - OpenCVE

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sonicwall	Sra 1200 Sma 210 Sma 210 Firmware Sra 4600 Firmware Sra 4200 Firmware Sma 200 Firmware Sma 400 Sra 1600 Sma 410 Firmware Sma 410 Sma 200 Sra 4600 Sra 1200 Firmware Sra 1600 Firmware Sma 500v Sra 4200 Sma 500v Firmware Sma 400 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:sonicwall:sra_4200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sra_4200:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:sonicwall:sra_4600:-:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sra_4600_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:sonicwall:sra_1600:-:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sra_1600_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:sonicwall:sra_1200:-:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sra_1200_firmware:*:*:*:*:*:*:*:*

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sonicwall

Published: 2022-03-17T01:40:09

Updated: 2024-06-05T19:07:02.266Z

Reserved: 2021-12-29T00:00:00

Link: CVE-2022-22273

JSON object: View

NVD Information

Status : Modified

Published: 2022-03-17T02:15:06.567

Modified: 2024-06-05T19:15:10.840

Link: CVE-2022-22273

JSON object: View

Redhat Information

No data.

CWE

CWE-78