ID

VAR-202207-1703


CVE

CVE-2022-22280


TITLE

SQL injection vulnerability in SonicWALL Analytics and Global Management System

Trust: 0.8

sources: JVNDB: JVNDB-2022-014196

DESCRIPTION

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. SonicWALL Analytics and Global Management System contain an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SonicWALL Analytics is a high-performance management and reporting engine for networks from SonicWALL in the United States. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a proof of concept (PoC) have been made public, and malicious use of this vulnerability has not been reported to SonicWall.

Trust: 1.8

sources: NVD: CVE-2022-22280 // JVNDB: JVNDB-2022-014196 // VULHUB: VHN-410504 // VULMON: CVE-2022-22280

AFFECTED PRODUCTS

vendor: sonicwall, model: global management system, scope: lt, version: 9.3.1

Trust: 1.0

vendor: sonicwall, model: global management system, scope: eq, version: 9.3.1

Trust: 1.0

vendor: sonicwall, model: analytics, scope: lte, version: 2.5.0.3-2520

Trust: 1.0

vendor: sonicwall, model: global management system, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: analytics, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-014196 // NVD: CVE-2022-22280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22280
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-22280
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202207-2292
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-22280
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-22280
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-014196 // CNNVD: CNNVD-202207-2292 // NVD: CVE-2022-22280

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype: SQL injection (CWE-89) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-410504 // JVNDB: JVNDB-2022-014196 // NVD: CVE-2022-22280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2292

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202207-2292

PATCH

title: SonicWALL Analytics On-Prem SQL injection vulnerability remediation measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203756

Trust: 0.6

sources: CNNVD: CNNVD-202207-2292

EXTERNAL IDS

db: NVD, id: CVE-2022-22280

Trust: 3.4

db: JVNDB, id: JVNDB-2022-014196

Trust: 0.8

db: CNNVD, id: CNNVD-202207-2292

Trust: 0.7

db: CS-HELP, id: SB2022072214

Trust: 0.6

db: VULHUB, id: VHN-410504

Trust: 0.1

db: VULMON, id: CVE-2022-22280

Trust: 0.1

sources: VULHUB: VHN-410504 // VULMON: CVE-2022-22280 // JVNDB: JVNDB-2022-014196 // CNNVD: CNNVD-202207-2292 // NVD: CVE-2022-22280

REFERENCES

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0007

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22280

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022072214

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22280/

Trust: 0.6

url:https://www.sonicwall.com/support/notices/security-notice-sonicwall-gms-sql-injection-vulnerability/220613083124303/

Trust: 0.1

sources: VULHUB: VHN-410504 // VULMON: CVE-2022-22280 // JVNDB: JVNDB-2022-014196 // CNNVD: CNNVD-202207-2292 // NVD: CVE-2022-22280

SOURCES

db: VULHUB, id: VHN-410504
db: VULMON, id: CVE-2022-22280
db: JVNDB, id: JVNDB-2022-014196
db: CNNVD, id: CNNVD-202207-2292
db: NVD, id: CVE-2022-22280

LAST UPDATE DATE

2024-08-14T14:24:39.190000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-410504, date: 2022-08-08T00:00:00
db: JVNDB, id: JVNDB-2022-014196, date: 2023-09-14T08:14:00
db: CNNVD, id: CNNVD-202207-2292, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2022-22280, date: 2022-08-08T16:49:55.723

SOURCES RELEASE DATE

db: VULHUB, id: VHN-410504, date: 2022-07-29T00:00:00
db: JVNDB, id: JVNDB-2022-014196, date: 2023-09-14T00:00:00
db: CNNVD, id: CNNVD-202207-2292, date: 2022-07-22T00:00:00
db: NVD, id: CVE-2022-22280, date: 2022-07-29T21:15:09.470