Lucene search

SonicwallCVE-2022-1703

HistoryJun 08, 2022 - 9:15 a.m.

CVE-2022-1703

2022-06-0809:15:08

CWE-78

sonicwall

web.nvd.nist.gov

cve-2022-1703

sonicwall

ssl-vpn

sma100

os command injection

remote command execution

dos

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

54.6%

JSON

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

Affected configurations

Nvd

Node

sonicwallsma_210_firmwareRange≤10.2.1.4-31sv

AND

sonicwallsma_210Match-

Node

sonicwallsma_410_firmwareRange≤10.2.1.4-31sv

AND

sonicwallsma_410Match-

Node

sonicwallsma_500v_firmwareRange≤10.2.1.4-31sv

AND

sonicwallsma_500vMatch-

Node

sonicwallsma_210_firmwareRange≤10.2.0.9-41sv

AND

sonicwallsma_210Match-

Node

sonicwallsma_410_firmwareRange≤10.2.0.9-41sv

AND

sonicwallsma_410Match-

Node

sonicwallsma_500v_firmwareRange≤10.2.0.9-41sv

AND

sonicwallsma_500vMatch-

VendorProductVersionCPE
sonicwallsma_210_firmware*cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*
sonicwallsma_210-cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*
sonicwallsma_410_firmware*cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*
sonicwallsma_410-cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*
sonicwallsma_500v_firmware*cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*
sonicwallsma_500v-cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sonicwall	sma_210_firmware	*	cpe:2.3:o:sonicwall:sma_210_firmware::::::::
sonicwall	sma_210	-	cpe:2.3:h:sonicwall:sma_210:-:::::::*
sonicwall	sma_410_firmware	*	cpe:2.3:o:sonicwall:sma_410_firmware::::::::
sonicwall	sma_410	-	cpe:2.3:h:sonicwall:sma_410:-:::::::*
sonicwall	sma_500v_firmware	*	cpe:2.3:o:sonicwall:sma_500v_firmware::::::::
sonicwall	sma_500v	-	cpe:2.3:h:sonicwall:sma_500v:-:::::::*

CNA Affected

[
  {
    "product": "SMA100",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "10.2.1.4-31sv and earlier"
      },
      {
        "status": "affected",
        "version": "10.2.0.9-41sv and earlier"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

54.6%

JSON

Related for CVE-2022-1703