CVE-2022-1702

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.

CVSS v3 6.1 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_6210:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_7200:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_7210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:::::::*
	cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:::::::*

cpe:2.3:h:sonicwall:sma_8000v:-:*:*:*:*:*:*:*

History

14 Oct 2022, 01:17

Type	Values Removed	Values Added
First Time		Sonicwall sma 7200 Firmware Sonicwall sma 6210 Firmware Sonicwall sma 6200 Firmware Sonicwall sma 7210 Firmware Sonicwall sma 6210 Sonicwall sma 8000v Sonicwall sma 7200 Sonicwall sma 7210 Sonicwall sma 8000v Firmware Sonicwall sma 6200
CPE	cpe:2.3:o:sonicwall:7210_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:6210_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:6200_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:6210:-:::::::* cpe:2.3:o:sonicwall:7210_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:7200:-:::::::* cpe:2.3:o:sonicwall:7200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:6210_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:6200:-:::::::* cpe:2.3:o:sonicwall:6200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:7210:-:::::::* cpe:2.3:o:sonicwall:7200_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:8000v:-:::::::*	cpe:2.3:h:sonicwall:sma_8000v:-:::::::* cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:sma_7210:-:::::::* cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:sma_7200:-:::::::* cpe:2.3:h:sonicwall:sma_6200:-:::::::* cpe:2.3:h:sonicwall:sma_6210:-:::::::* cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:::::::*

25 May 2022, 13:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.8 v3 : 6.1
CWE		CWE-601
CPE		cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:7210_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:8000v:-:::::::* cpe:2.3:o:sonicwall:6210_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:7210:-:::::::* cpe:2.3:o:sonicwall:6200_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:7210_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:6210:-:::::::* cpe:2.3:o:sonicwall:6200_firmware:12.4.1:::::::* cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:::::::* cpe:2.3:o:sonicwall:6210_firmware:12.4.0:::::::* cpe:2.3:h:sonicwall:6200:-:::::::* cpe:2.3:o:sonicwall:7200_firmware:12.4.1:::::::* cpe:2.3:h:sonicwall:7200:-:::::::* cpe:2.3:o:sonicwall:7200_firmware:12.4.0:::::::*
References	~~(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 -~~	(CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 - Vendor Advisory
First Time		Sonicwall 8000v Sonicwall 7210 Sonicwall 8000v Firmware Sonicwall Sonicwall 6200 Sonicwall 6210 Firmware Sonicwall 6200 Firmware Sonicwall 7200 Sonicwall 7200 Firmware Sonicwall 7210 Firmware Sonicwall 6210

13 May 2022, 21:07

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-13 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-1702

Mitre link : CVE-2022-1702

CVE.ORG link : CVE-2022-1702

JSON object : View

Products Affected

sonicwall

sma_8000v_firmware
sma_7210
sma_6210
sma_6200
sma_6210_firmware
sma_7200_firmware
sma_7210_firmware
sma_7200
sma_8000v
sma_6200_firmware

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.8 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2022-1702

6.1^/10

5.8^/10

Attach tags to `CVE-2022-1702`