Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22274

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

Published

2022-03-25T23:15:08.353

Last Modified

2024-11-21T06:46:32.270

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-121
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System sonicwall sonicos ≤ 7.0.1-5050 Yes
Hardware sonicwall nsa_2700 - No
Hardware sonicwall nsa_3700 - No
Hardware sonicwall nsa_4700 - No
Hardware sonicwall nsa_5700 - No
Hardware sonicwall nsa_6700 - No
Hardware sonicwall nssp_10700 - No
Hardware sonicwall nssp_11700 - No
Hardware sonicwall nssp_13700 - No
Hardware sonicwall nsv_270 - No
Hardware sonicwall nsv_470 - No
Hardware sonicwall nsv_870 - No
Hardware sonicwall tz270 - No
Hardware sonicwall tz270w - No
Hardware sonicwall tz370 - No
Hardware sonicwall tz370w - No
Hardware sonicwall tz470 - No
Hardware sonicwall tz470w - No
Hardware sonicwall tz570 - No
Hardware sonicwall tz570p - No
Hardware sonicwall tz570w - No
Hardware sonicwall tz670 - No
Operating System sonicwall sonicos ≤ 7.0.1-r579 Yes
Hardware sonicwall nssp_15700 - No
Operating System sonicwall sonicosv ≤ 6.5.4.4-44v-21-1452 Yes
Hardware sonicwall nsv_10 - No
Hardware sonicwall nsv_100 - No
Hardware sonicwall nsv_1600 - No
Hardware sonicwall nsv_200 - No
Hardware sonicwall nsv_25 - No
Hardware sonicwall nsv_300 - No
Hardware sonicwall nsv_400 - No
Hardware sonicwall nsv_50 - No
Hardware sonicwall nsv_800 - No
References