CVE-2022-22275

Published: Apr 27, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.

Affected (3)

Products: Sonicwall: Sonicos

Sonicwall

1 product

Sonicos

Configuration A

1 vulnerable · 36 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	From 7.0.0.0 to 7.0.1-5030-r2007

Running on/with	Platform Versions
Sonicwall Nsa 2650	All versions
Sonicwall Nsa 2700	All versions
Sonicwall Nsa 3650	All versions
Sonicwall Nsa 3700	All versions
Sonicwall Nsa 4650	All versions
Sonicwall Nsa 4700	All versions
Sonicwall Nsa 5650	All versions
Sonicwall Nsa 5700	All versions
Sonicwall Nsa 6650	All versions
Sonicwall Nsa 6700	All versions
Sonicwall Nsa 9250	All versions
Sonicwall Nsa 9450	All versions
Sonicwall Nsa 9650	All versions
Sonicwall Soho 250	All versions
Sonicwall Soho 250w	All versions
Sonicwall Tz270	All versions
Sonicwall Tz270w	All versions
Sonicwall Tz300	All versions
Sonicwall Tz300p	All versions
Sonicwall Tz300w	All versions
Sonicwall Tz350	All versions
Sonicwall Tz350w	All versions
Sonicwall Tz370	All versions
Sonicwall Tz370w	All versions
Sonicwall Tz400	All versions
Sonicwall Tz400w	All versions
Sonicwall Tz470	All versions
Sonicwall Tz470w	All versions
Sonicwall Tz500	All versions
Sonicwall Tz500w	All versions
Sonicwall Tz570	All versions
Sonicwall Tz570p	All versions
Sonicwall Tz570w	All versions
Sonicwall Tz600	All versions
Sonicwall Tz600p	All versions
Sonicwall Tz670	All versions

Configuration B

1 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	From 7.0.0.0 to 7.0.1.0-5030-1391

Running on/with	Platform Versions
Sonicwall Nsv 10	All versions
Sonicwall Nsv 100	All versions
Sonicwall Nsv 200	All versions
Sonicwall Nsv 25	All versions
Sonicwall Nsv 270	All versions
Sonicwall Nsv 300	All versions
Sonicwall Nsv 400	All versions
Sonicwall Nsv 470	All versions
Sonicwall Nsv 50	All versions
Sonicwall Nsv 800	All versions
Sonicwall Nsv 870	All versions

Configuration C

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos	From 7.0.0.0 to 7.0.1-5030-r780

Running on/with	Platform Versions
Sonicwall Nssp 10700	All versions
Sonicwall Nssp 11700	All versions
Sonicwall Nssp 12400	All versions
Sonicwall Nssp 12800	All versions
Sonicwall Nssp 13700	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004

Source: PSIRT@sonicwall.com

Vendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.