Sign-up

ID

VAR-202208-2082


CVE

CVE-2022-2915


TITLE

plural  SonicWALL  Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-015995

DESCRIPTION

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-2915 // JVNDB: JVNDB-2022-015995 // VULMON: CVE-2022-2915

AFFECTED PRODUCTS

vendor:sonicwallmodel:sma 400scope:lteversion:10.2.1.5-34sv

Trust: 1.0

vendor:sonicwallmodel:sma 200scope:lteversion:10.2.1.5-34sv

Trust: 1.0

vendor:sonicwallmodel:sma 500vscope:lteversion:10.2.1.5-34sv

Trust: 1.0

vendor:sonicwallmodel:sma 410scope:lteversion:10.2.1.5-34sv

Trust: 1.0

vendor:sonicwallmodel:sma 210scope:lteversion:10.2.1.5-34sv

Trust: 1.0

vendor:sonicwallmodel:sma410scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma500vscope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma200scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma210scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sma400scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015995 // NVD: CVE-2022-2915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-2915
value: HIGH

Trust: 1.0

NVD: CVE-2022-2915
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202208-4247
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-2915
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-2915
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015995 // CNNVD: CNNVD-202208-4247 // NVD: CVE-2022-2915

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-015995 // NVD: CVE-2022-2915

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-4247

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202208-4247

PATCH

title:SonicWALL SMA100 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207790

Trust: 0.6

sources: CNNVD: CNNVD-202208-4247

EXTERNAL IDS

db:NVDid:CVE-2022-2915

Trust: 3.3

db:JVNDBid:JVNDB-2022-015995

Trust: 0.8

db:CNNVDid:CNNVD-202208-4247

Trust: 0.6

db:VULMONid:CVE-2022-2915

Trust: 0.1

sources: VULMON: CVE-2022-2915 // JVNDB: JVNDB-2022-015995 // CNNVD: CNNVD-202208-4247 // NVD: CVE-2022-2915

REFERENCES

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0019

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-2915

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-2915/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-2915 // JVNDB: JVNDB-2022-015995 // CNNVD: CNNVD-202208-4247 // NVD: CVE-2022-2915

SOURCES

db:VULMONid:CVE-2022-2915
db:JVNDBid:JVNDB-2022-015995
db:CNNVDid:CNNVD-202208-4247
db:NVDid:CVE-2022-2915

LAST UPDATE DATE

2024-08-14T15:37:27.532000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-2915date:2022-08-27T00:00:00
db:JVNDBid:JVNDB-2022-015995date:2023-09-29T08:07:00
db:CNNVDid:CNNVD-202208-4247date:2022-09-15T00:00:00
db:NVDid:CVE-2022-2915date:2022-09-01T19:27:14.893

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-2915date:2022-08-26T00:00:00
db:JVNDBid:JVNDB-2022-015995date:2023-09-29T00:00:00
db:CNNVDid:CNNVD-202208-4247date:2022-08-26T00:00:00
db:NVDid:CVE-2022-2915date:2022-08-26T21:15:08.867