Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22278

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

Published

2022-04-27T17:15:07.453

Last Modified

2024-11-21T06:46:32.857

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-770
Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sonicwall	tz300p_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz300p	-	No
Operating System	sonicwall	tz300w_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz300w	-	No
Operating System	sonicwall	tz350_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz350	-	No
Operating System	sonicwall	tz350w_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz350w	-	No
Operating System	sonicwall	nssp_10700_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nssp_10700	-	No
Operating System	sonicwall	nssp_11700_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nssp_11700	-	No
Operating System	sonicwall	nssp_12400_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nssp_12400	-	No
Operating System	sonicwall	nssp_12800_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nssp_12800	-	No
Operating System	sonicwall	nssp_13700_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nssp_13700	-	No
Operating System	sonicwall	nssp_15700_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nssp_15700	-	No
Operating System	sonicwall	tz370_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz370	-	No
Operating System	sonicwall	tz370w_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz370w	-	No
Operating System	sonicwall	tz400_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz400	-	No
Operating System	sonicwall	nsv_10_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_10	-	No
Operating System	sonicwall	nsv_100_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_100	-	No
Operating System	sonicwall	nsv_1600_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_1600	-	No
Operating System	sonicwall	nsv_200_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_200	-	No
Operating System	sonicwall	nsv_25_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_25	-	No
Operating System	sonicwall	nsv_270_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_270	-	No
Operating System	sonicwall	nsv_300_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_300	-	No
Operating System	sonicwall	nsv_400_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_400	-	No
Operating System	sonicwall	nsv_470_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_470	-	No
Operating System	sonicwall	nsv_50_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_50	-	No
Operating System	sonicwall	nsv_800_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_800	-	No
Operating System	sonicwall	nsv_870_firmware	< 7.0.1.0	Yes
Hardware	sonicwall	nsv_870	-	No
Operating System	sonicwall	tz400w_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz400w	-	No
Operating System	sonicwall	tz470_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz470	-	No
Operating System	sonicwall	tz470w_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz470w	-	No
Operating System	sonicwall	tz500_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz500	-	No
Operating System	sonicwall	nsa_2650_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_2650	-	No
Operating System	sonicwall	nsa_2700_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_2700	-	No
Operating System	sonicwall	nsa_3650_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_3650	-	No
Operating System	sonicwall	nsa_3700_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_3700	-	No
Operating System	sonicwall	nsa_4650_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_4650	-	No
Operating System	sonicwall	nsa_4700_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_4700	-	No
Operating System	sonicwall	nsa_5650_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_5650	-	No
Operating System	sonicwall	nsa_5700_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_5700	-	No
Operating System	sonicwall	nsa_6650_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_6650	-	No
Operating System	sonicwall	nsa_6700_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_6700	-	No
Operating System	sonicwall	nsa_9250_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_9250	-	No
Operating System	sonicwall	nsa_9450_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_9450	-	No
Operating System	sonicwall	nsa_9650_firmware	< 7.0.1	Yes
Hardware	sonicwall	nsa_9650	-	No
Operating System	sonicwall	tz500w_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz500w	-	No
Operating System	sonicwall	tz570_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz570	-	No
Operating System	sonicwall	tz570p_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz570p	-	No
Operating System	sonicwall	tz570w_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz570w	-	No
Operating System	sonicwall	tz600_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz600	-	No
Operating System	sonicwall	tz600p_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz600p	-	No
Operating System	sonicwall	tz670_firmware	< 7.0.1	Yes
Hardware	sonicwall	tz670	-	No

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 Vendor Advisory ([email protected])
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)