CVE-2022-1701

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_6210:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_7200:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_7210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_8000v:-:*:*:*:*:*:*:*

History

14 Oct 2022, 01:18

Type	Values Removed	Values Added
First Time		Sonicwall sma 7200 Firmware Sonicwall sma 6210 Firmware Sonicwall sma 6200 Firmware Sonicwall sma 7210 Firmware Sonicwall sma 6210 Sonicwall sma 8000v Sonicwall sma 7200 Sonicwall sma 7210 Sonicwall sma 8000v Firmware Sonicwall sma 6200
CPE	cpe:2.3:o:sonicwall:7210_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:6210_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:6200_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:6210:-:::::::* cpe:2.3:o:sonicwall:7210_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:7200:-:::::::* cpe:2.3:o:sonicwall:7200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:6210_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:6200:-:::::::* cpe:2.3:o:sonicwall:6200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:7210:-:::::::* cpe:2.3:o:sonicwall:7200_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:8000v:-:::::::*	cpe:2.3:h:sonicwall:sma_8000v:-:::::::* cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:sma_7210:-:::::::* cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:sma_7200:-:::::::* cpe:2.3:h:sonicwall:sma_6200:-:::::::* cpe:2.3:h:sonicwall:sma_6210:-:::::::* cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:::::::*

25 May 2022, 16:11

Type	Values Removed	Values Added
CWE		CWE-798
CPE		cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:7210_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:8000v:-:::::::* cpe:2.3:o:sonicwall:6210_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:7210:-:::::::* cpe:2.3:o:sonicwall:6200_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:7210_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:6210:-:::::::* cpe:2.3:o:sonicwall:6200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:6210_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:6200:-:::::::* cpe:2.3:o:sonicwall:7200_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:7200:-:::::::* cpe:2.3:o:sonicwall:7200_firmware:12.4.0:::::::*
First Time		Sonicwall 8000v Sonicwall 7210 Sonicwall 8000v Firmware Sonicwall Sonicwall 6200 Sonicwall 6210 Firmware Sonicwall 6200 Firmware Sonicwall 7200 Sonicwall 7200 Firmware Sonicwall 7210 Firmware Sonicwall 6210
References	~~(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 -~~	(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5

13 May 2022, 21:07

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-13 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-1701

Mitre link : CVE-2022-1701

CVE.ORG link : CVE-2022-1701

JSON object : View

Products Affected

sonicwall

sma_8000v_firmware
sma_7210
sma_6210
sma_6200
sma_6210_firmware
sma_7200_firmware
sma_7210_firmware
sma_7200
sma_8000v
sma_6200_firmware

CWE

CWE-798

Use of Hard-coded Credentials

CWE-321

Use of Hard-coded Cryptographic Key

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2022-1701

7.5^/10

5.0^/10

Attach tags to `CVE-2022-1701`