Lucene search

[email protected]NVD:CVE-2022-22281

HistoryMay 13, 2022 - 8:15 p.m.

CVE-2022-22281

2022-05-1320:15:08

CWE-120

CWE-121

[email protected]

web.nvd.nist.gov

buffer overflow

sonicwall ssl-vpn

netextender windows client

arbitrary code execution

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

JSON

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.

Affected configurations

Nvd

Node

sonicwallnetextenderRange≤10.2.322windows

VendorProductVersionCPE
sonicwallnetextender*cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
sonicwall	netextender	*	cpe:2.3:a:sonicwall:netextender::::::windows::*

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0008

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.6%

JSON

Related for NVD:CVE-2022-22281

cvelist1 prion1 cve1