All the vulnerabilites related to sonicwall - sra_1600_firmware
cve-2022-22273
Vulnerability from cvelistv5
Published
2022-03-17 01:40
Modified
2024-08-03 03:07
Severity ?
EPSS score ?
Summary
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions
References
| ▼ | URL | Tags |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SonicWall | SonicWall SRA/SMA100 |
Version: SRA Series 9.0.0.5-19sv and earlier versions. Version: SMA100 Series 9.0.0.9-26sv and earlier versions. |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sonicwall:sma_100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sma_100",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "9.0.0.9-26sv",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:sonicwall:sra:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sra",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "9.0.0.5-19sv",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:20:37.677148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T19:07:02.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicWall SRA/SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "SRA Series 9.0.0.5-19sv and earlier versions."
},
{
"status": "affected",
"version": "SMA100 Series 9.0.0.9-26sv and earlier versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T01:40:09",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2022-22273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall SRA/SMA100",
"version": {
"version_data": [
{
"version_value": "SRA Series 9.0.0.5-19sv and earlier versions."
},
{
"version_value": "SMA100 Series 9.0.0.9-26sv and earlier versions."
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2022-22273",
"datePublished": "2022-03-17T01:40:09",
"dateReserved": "2021-12-29T00:00:00",
"dateUpdated": "2024-08-03T03:07:50.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20028
Vulnerability from cvelistv5
Published
2021-08-04 19:10
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
References
| ▼ | URL | Tags |
|---|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SonicWall | SonicWall SRA/SMA100 |
Version: 8.x firmware Version: 9.0.0.9-26sv and earlier. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicWall SRA/SMA100",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "8.x firmware"
},
{
"status": "affected",
"version": "9.0.0.9-26sv and earlier."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T19:10:09",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2021-20028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall SRA/SMA100",
"version": {
"version_data": [
{
"version_value": "8.x firmware"
},
{
"version_value": "9.0.0.9-26sv and earlier."
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2021-20028",
"datePublished": "2021-08-04T19:10:09",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-08-04 19:15
Modified
2024-11-21 05:45
Severity ?
Summary
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | sma_210_firmware | * | |
| sonicwall | sma_210 | - | |
| sonicwall | sma_410_firmware | * | |
| sonicwall | sma_410 | - | |
| sonicwall | sma_500v_firmware | * | |
| sonicwall | sma_500v | - | |
| sonicwall | sra_4600_firmware | * | |
| sonicwall | sra_4600 | - | |
| sonicwall | sra_1600_firmware | * | |
| sonicwall | sra_1600 | - | |
| sonicwall | sra_va_firmware | * | |
| sonicwall | sra_va | - |
{
"cisaActionDue": "2022-04-18",
"cisaExploitAdd": "2022-03-28",
"cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
"cisaVulnerabilityName": "SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA095C77-9E99-4086-A665-D15B62ED6318",
"versionEndExcluding": "9.0.0.10-28sv",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D82266A9-0420-4C82-B7CE-6E35A197C774",
"versionEndExcluding": "9.0.0.10-28sv",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5ACCFB-D882-4F7D-8CE4-3608B1053708",
"versionEndExcluding": "9.0.0.10-28sv",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sra_4600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1739FF-3445-4155-BCD5-FFC3ADC7BB11",
"versionEndExcluding": "9.0.0.10-28sv",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sra_4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC9EDA7-6306-4AC0-BBA2-BFC4D6EF7D05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sra_1600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56142ABA-8DB5-40C4-B485-CA440BC26EB5",
"versionEndExcluding": "9.0.0.10-28sv",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sra_1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A19AAF5D-B03D-40BB-AF3C-8BAEFD60C0F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sra_va_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "403EDB9C-7FAE-496D-8307-B76FBC02FE50",
"versionEndExcluding": "9.0.0.10-28sv",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sra_va:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D2892B-20AF-4832-8C14-C2570804A4D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "PSIRT@sonicwall.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Una neutralizaci\u00f3n inapropiada de un Comando SQL conllevando una vulnerabilidad de Inyecci\u00f3n SQL impactando a los productos Secure Remote Access (SRA) al final de su vida \u00fatil, concretamente a dispositivos SRA que ejecutan todo el firmware 8.x y 9.0.0.9-26sv o anteriores"
}
],
"id": "CVE-2021-20028",
"lastModified": "2024-11-21T05:45:48.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-04T19:15:08.247",
"references": [
{
"source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0017"
}
],
"sourceIdentifier": "PSIRT@sonicwall.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "PSIRT@sonicwall.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-17 02:15
Modified
2024-11-21 06:46
Severity ?
Summary
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT@sonicwall.com | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99C0481F-4CB1-43BF-ADA9-229299317343",
"versionEndIncluding": "9.0.0.9-26sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0EAE44-82C5-42B6-BF85-3A77B9D05177",
"versionEndIncluding": "9.0.0.9-26sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAB3FDF-EDB2-47E1-B0C5-1B17F33C9803",
"versionEndIncluding": "9.0.0.9-26sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63823C19-6F4A-4061-9A7F-7DADBA1C801F",
"versionEndIncluding": "9.0.0.9-26sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9942D7-D482-4AA7-B12B-52AD281B08E9",
"versionEndIncluding": "9.0.0.9-26sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sra_4200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A85046F-061A-4EB8-AFA5-80B19E0216E0",
"versionEndIncluding": "9.0.0.5-19sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sra_4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D22FF-44D8-4D95-AC53-4C427CAD7CF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sra_4600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A92EB386-1F93-41BB-B670-23A51147226A",
"versionEndIncluding": "9.0.0.5-19sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sra_4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC9EDA7-6306-4AC0-BBA2-BFC4D6EF7D05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sra_1600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DC3EE5-D9BC-4AAF-9BFE-CC72F0C26AD6",
"versionEndIncluding": "9.0.0.5-19sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sra_1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A19AAF5D-B03D-40BB-AF3C-8BAEFD60C0F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sra_1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B1F8903-DB6B-4795-A97E-F7B4916DCBC7",
"versionEndIncluding": "9.0.0.5-19sv",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sra_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A11F88-DDC9-4C59-A985-DA831BEF78D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "PSIRT@sonicwall.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions"
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO DE ASIGN\u00d3 ** Una Neutralizaci\u00f3n Inapropiada de Elementos Especiales conllevando a una vulnerabilidad de Inyecci\u00f3n de Comandos en el Sistema Operativo impactando a los productos Secure Remote Access (SRA) al final de su vida \u00fatil y a las versiones de firmware m\u00e1s antiguas de los productos de la serie 100 de Secure Mobile Access (SMA), concretamente a los dispositivos SRA ejecutando todas las versiones 8.x, 9.0.0.5-19sv y anteriores y los productos de la serie 100 de Secure Mobile Access (SMA) ejecutando el firmware m\u00e1s antiguo 9.0.0.9-26sv y versiones anteriores"
}
],
"id": "CVE-2022-22273",
"lastModified": "2024-11-21T06:46:32.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-17T02:15:06.567",
"references": [
{
"source": "PSIRT@sonicwall.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001"
}
],
"sourceIdentifier": "PSIRT@sonicwall.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "PSIRT@sonicwall.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}