SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.
References
Link | Resource |
---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
14 Oct 2022, 01:17
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sonicwall sma 7200 Firmware
Sonicwall sma 6210 Firmware Sonicwall sma 6200 Firmware Sonicwall sma 7210 Firmware Sonicwall sma 6210 Sonicwall sma 8000v Sonicwall sma 7200 Sonicwall sma 7210 Sonicwall sma 8000v Firmware Sonicwall sma 6200 |
|
CPE | cpe:2.3:o:sonicwall:6210_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:6200_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:6210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:7210_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:7200:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:7200_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:6210_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:6200:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:6200_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:7210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:7200_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:8000v:-:*:*:*:*:*:*:* |
cpe:2.3:h:sonicwall:sma_8000v:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_7210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_7200:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_6200:-:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:sma_6210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:*:*:*:*:*:*:* |
25 May 2022, 13:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 6.1 |
CWE | CWE-601 | |
CPE | cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:7210_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:8000v:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:6210_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:7210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:6200_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:7210_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:6210:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:6200_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:6210_firmware:12.4.0:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:6200:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:7200_firmware:12.4.1:*:*:*:*:*:*:* cpe:2.3:h:sonicwall:7200:-:*:*:*:*:*:*:* cpe:2.3:o:sonicwall:7200_firmware:12.4.0:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 - Vendor Advisory | |
First Time |
Sonicwall 8000v
Sonicwall 7210 Sonicwall 8000v Firmware Sonicwall Sonicwall 6200 Sonicwall 6210 Firmware Sonicwall 6200 Firmware Sonicwall 7200 Sonicwall 7200 Firmware Sonicwall 7210 Firmware Sonicwall 6210 |
13 May 2022, 21:07
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-13 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-1702
Mitre link : CVE-2022-1702
CVE.ORG link : CVE-2022-1702
JSON object : View
Products Affected
sonicwall
- sma_8000v_firmware
- sma_7210
- sma_6210
- sma_6200
- sma_6210_firmware
- sma_7200_firmware
- sma_7210_firmware
- sma_7200
- sma_8000v
- sma_6200_firmware
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')