CVE-2022-22282

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-22282
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_6210:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_7200:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_7210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_8000v:-:*:*:*:*:*:*:*
History

27 Jun 2023, 19:00

Type Values Removed Values Added
CWE CWE-862 NVD-CWE-Other

21 Jul 2022, 13:29

Type Values Removed Values Added
First Time Sonicwall sma 6200
Sonicwall sma 8000v
Sonicwall sma 7210
Sonicwall sma 7210 Firmware
Sonicwall sma 7200 Firmware
Sonicwall sma 6200 Firmware
Sonicwall sma 8000v Firmware
Sonicwall sma 7200
Sonicwall sma 6210 Firmware
Sonicwall sma 6210
CPE cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:8000v:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6200:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6210:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:7210:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:7200:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7200_firmware:12.4.0:*:*:*:*:*:*:*		 cpe:2.3:h:sonicwall:sma_6210:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_6200:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_7200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_7210:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_8000v_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_8000v:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sma_6210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_7200:-:*:*:*:*:*:*:*

25 May 2022, 13:53

Type Values Removed Values Added
CPE cpe:2.3:o:sonicwall:8000v_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:8000v:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:7210:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6200_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7210_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6210:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:8000v_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:6210_firmware:12.4.0:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:6200:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7200_firmware:12.4.1:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:7200:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:7200_firmware:12.4.0:*:*:*:*:*:*:*
References (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 - (CONFIRM) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8
First Time Sonicwall 8000v
Sonicwall 7210
Sonicwall 8000v Firmware
Sonicwall
Sonicwall 6200
Sonicwall 6210 Firmware
Sonicwall 6200 Firmware
Sonicwall 7200
Sonicwall 7200 Firmware
Sonicwall 7210 Firmware
Sonicwall 6210
CWE CWE-862

13 May 2022, 21:07

Type Values Removed Values Added
New CVE
Information

Published : 2022-05-13 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-22282

Mitre link : CVE-2022-22282

CVE.ORG link : CVE-2022-22282

JSON object : View

Products Affected

sonicwall

  • sma_7210
  • sma_6200
  • sma_7210_firmware
  • sma_6210
  • sma_7200_firmware
  • sma_6200_firmware
  • sma_8000v
  • sma_8000v_firmware
  • sma_7200
  • sma_6210_firmware
CWE
NVD-CWE-Other CWE-284

Improper Access Control