CVE-2022-22273

2022-03-1701:40:09

CWE-78

sonicwall

github.com

cve-2022-22273

os command injection

sra

sma

end-of-life

firmware vulnerability

AI Score

7.5

Confidence

Low

EPSS

0.001

Percentile

50.4%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

CNA Affected

[
  {
    "product": "SonicWall SRA/SMA100",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "SRA Series 9.0.0.5-19sv and earlier versions."
      },
      {
        "status": "affected",
        "version": "SMA100 Series 9.0.0.9-26sv and earlier versions."
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:sonicwall:sma_100:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sonicwall",
    "product": "sma_100",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "9.0.0.9-26sv"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:sonicwall:sra:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sonicwall",
    "product": "sra",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "9.0.0.5-19sv"
      }
    ],
    "defaultStatus": "unknown"
  }
]