Lucene search

[email protected]CVE-2022-22278

HistoryApr 27, 2022 - 5:15 p.m.

CVE-2022-22278

2022-04-2717:15:07

CWE-770

[email protected]

web.nvd.nist.gov

sonicos

cfs

vulnerability

http

dos

attack

nvd

cve-2022-22278

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

Affected configurations

NVD

Node

sonicwalltz300p_firmwareRange<7.0.1

AND

sonicwalltz300pMatch-

Node

sonicwalltz300w_firmwareRange<7.0.1

AND

sonicwalltz300wMatch-

Node

sonicwalltz350_firmwareRange<7.0.1

AND

sonicwalltz350Match-

Node

sonicwalltz350w_firmwareRange<7.0.1

AND

sonicwalltz350wMatch-

Node

sonicwallnssp_10700_firmwareRange<7.0.1.0

AND

sonicwallnssp_10700Match-

Node

sonicwallnssp_11700_firmwareRange<7.0.1.0

AND

sonicwallnssp_11700Match-

Node

sonicwallnssp_12400_firmwareRange<7.0.1.0

AND

sonicwallnssp_12400Match-

Node

sonicwallnssp_12800_firmwareRange<7.0.1.0

AND

sonicwallnssp_12800Match-

Node

sonicwallnssp_13700_firmwareRange<7.0.1.0

AND

sonicwallnssp_13700Match-

Node

sonicwallnssp_15700_firmwareRange<7.0.1.0

AND

sonicwallnssp_15700Match-

Node

sonicwalltz370_firmwareRange<7.0.1

AND

sonicwalltz370Match-

Node

sonicwalltz370w_firmwareRange<7.0.1

AND

sonicwalltz370wMatch-

Node

sonicwalltz400_firmwareRange<7.0.1

AND

sonicwalltz400Match-

Node

sonicwallnsv_10_firmwareRange<7.0.1.0

AND

sonicwallnsv_10Match-

Node

sonicwallnsv_100_firmwareRange<7.0.1.0

AND

sonicwallnsv_100Match-

Node

sonicwallnsv_1600_firmwareRange<7.0.1.0

AND

sonicwallnsv_1600Match-

Node

sonicwallnsv_200_firmwareRange<7.0.1.0

AND

sonicwallnsv_200Match-

Node

sonicwallnsv_25_firmwareRange<7.0.1.0

AND

sonicwallnsv_25Match-

Node

sonicwallnsv_270_firmwareRange<7.0.1.0

AND

sonicwallnsv_270Match-

Node

sonicwallnsv_300_firmwareRange<7.0.1.0

AND

sonicwallnsv_300Match-

Node

sonicwallnsv_400_firmwareRange<7.0.1.0

AND

sonicwallnsv_400Match-

Node

sonicwallnsv_470_firmwareRange<7.0.1.0

AND

sonicwallnsv_470Match-

Node

sonicwallnsv_50_firmwareRange<7.0.1.0

AND

sonicwallnsv_50Match-

Node

sonicwallnsv_800_firmwareRange<7.0.1.0

AND

sonicwallnsv_800Match-

Node

sonicwallnsv_870_firmwareRange<7.0.1.0

AND

sonicwallnsv_870Match-

Node

sonicwalltz400w_firmwareRange<7.0.1

AND

sonicwalltz400wMatch-

Node

sonicwalltz470_firmwareRange<7.0.1

AND

sonicwalltz470Match-

Node

sonicwalltz470w_firmwareRange<7.0.1

AND

sonicwalltz470wMatch-

Node

sonicwalltz500_firmwareRange<7.0.1

AND

sonicwalltz500Match-

Node

sonicwallnsa_2650_firmwareRange<7.0.1

AND

sonicwallnsa_2650Match-

Node

sonicwallnsa_2700_firmwareRange<7.0.1

AND

sonicwallnsa_2700Match-

Node

sonicwallnsa_3650_firmwareRange<7.0.1

AND

sonicwallnsa_3650Match-

Node

sonicwallnsa_3700_firmwareRange<7.0.1

AND

sonicwallnsa_3700Match-

Node

sonicwallnsa_4650_firmwareRange<7.0.1

AND

sonicwallnsa_4650Match-

Node

sonicwallnsa_4700_firmwareRange<7.0.1

AND

sonicwallnsa_4700Match-

Node

sonicwallnsa_5650_firmwareRange<7.0.1

AND

sonicwallnsa_5650Match-

Node

sonicwallnsa_5700_firmwareRange<7.0.1

AND

sonicwallnsa_5700Match-

Node

sonicwallnsa_6650_firmwareRange<7.0.1

AND

sonicwallnsa_6650Match-

Node

sonicwallnsa_6700_firmwareRange<7.0.1

AND

sonicwallnsa_6700Match-

Node

sonicwallnsa_9250_firmwareRange<7.0.1

AND

sonicwallnsa_9250Match-

Node

sonicwallnsa_9450_firmwareRange<7.0.1

AND

sonicwallnsa_9450Match-

Node

sonicwallnsa_9650_firmwareRange<7.0.1

AND

sonicwallnsa_9650Match-

Node

sonicwalltz500w_firmwareRange<7.0.1

AND

sonicwalltz500wMatch-

Node

sonicwalltz570_firmwareRange<7.0.1

AND

sonicwalltz570Match-

Node

sonicwalltz570p_firmwareRange<7.0.1

AND

sonicwalltz570pMatch-

Node

sonicwalltz570w_firmwareRange<7.0.1

AND

sonicwalltz570wMatch-

Node

sonicwalltz600_firmwareRange<7.0.1

AND

sonicwalltz600Match-

Node

sonicwalltz600p_firmwareRange<7.0.1

AND

sonicwalltz600pMatch-

Node

sonicwalltz670_firmwareRange<7.0.1

AND

sonicwalltz670Match-

CNA Affected

[
  {
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions."
      },
      {
        "status": "affected",
        "version": "SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions."
      },
      {
        "status": "affected",
        "version": "SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions."
      },
      {
        "status": "affected",
        "version": "SonicOS Gen 7 NSsp-Series 7.0.1-5030-R780 and earlier versions."
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

Related for CVE-2022-22278

cvelist1 nvd1 prion1