Sign-up

ID

VAR-202203-0661


CVE

CVE-2022-22273


TITLE

plural  SonicWALL  In the product  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-007210

DESCRIPTION

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. ** Not supported ** This is a vulnerability in an unsupported product. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-22273 // JVNDB: JVNDB-2022-007210 // VULMON: CVE-2022-22273

AFFECTED PRODUCTS

vendor:sonicwallmodel:sra 1600scope:lteversion:9.0.0.5-19sv

Trust: 1.0

vendor:sonicwallmodel:sra 4200scope:lteversion:9.0.0.5-19sv

Trust: 1.0

vendor:sonicwallmodel:sma 200scope:lteversion:9.0.0.9-26sv

Trust: 1.0

vendor:sonicwallmodel:sra 1200scope:lteversion:9.0.0.5-19sv

Trust: 1.0

vendor:sonicwallmodel:sma 400scope:lteversion:9.0.0.9-26sv

Trust: 1.0

vendor:sonicwallmodel:sma 210scope:lteversion:9.0.0.9-26sv

Trust: 1.0

vendor:sonicwallmodel:sma 410scope:lteversion:9.0.0.9-26sv

Trust: 1.0

vendor:sonicwallmodel:sra 4600scope:lteversion:9.0.0.5-19sv

Trust: 1.0

vendor:sonicwallmodel:sma 500vscope:lteversion:9.0.0.9-26sv

Trust: 1.0

vendor:sonicwallmodel:sma400scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma200scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sra 1600scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sra 4200scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sra 4600scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma210scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma410scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma500vscope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sra 1200scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-007210 // NVD: CVE-2022-22273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22273
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-22273
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202203-1558
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-22273
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22273
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-22273
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-22273
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-22273 // JVNDB: JVNDB-2022-007210 // CNNVD: CNNVD-202203-1558 // NVD: CVE-2022-22273

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-007210 // NVD: CVE-2022-22273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-1558

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202203-1558

PATCH

title:SonicWall SSLVPN Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187035

Trust: 0.6

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22273 // CNNVD: CNNVD-202203-1558

EXTERNAL IDS

db:NVDid:CVE-2022-22273

Trust: 3.3

db:JVNDBid:JVNDB-2022-007210

Trust: 0.8

db:CS-HELPid:SB2022032427

Trust: 0.6

db:CNNVDid:CNNVD-202203-1558

Trust: 0.6

db:VULMONid:CVE-2022-22273

Trust: 0.1

sources: VULMON: CVE-2022-22273 // JVNDB: JVNDB-2022-007210 // CNNVD: CNNVD-202203-1558 // NVD: CVE-2022-22273

REFERENCES

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0001

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22273

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22273/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032427

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULMON: CVE-2022-22273 // JVNDB: JVNDB-2022-007210 // CNNVD: CNNVD-202203-1558 // NVD: CVE-2022-22273

SOURCES

db:VULMONid:CVE-2022-22273
db:JVNDBid:JVNDB-2022-007210
db:CNNVDid:CNNVD-202203-1558
db:NVDid:CVE-2022-22273

LAST UPDATE DATE

2024-08-14T15:42:33.006000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-22273date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-007210date:2023-07-12T08:29:00
db:CNNVDid:CNNVD-202203-1558date:2022-04-06T00:00:00
db:NVDid:CVE-2022-22273date:2024-08-03T03:16:16.390

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-22273date:2022-03-17T00:00:00
db:JVNDBid:JVNDB-2022-007210date:2023-07-12T00:00:00
db:CNNVDid:CNNVD-202203-1558date:2022-03-17T00:00:00
db:NVDid:CVE-2022-22273date:2022-03-17T02:15:06.567