CVE-2022-1701 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sonicwall	Sma 6200 Firmware	12.4.0
Sonicwall	Sma 6200	-
Sonicwall	Sma 6210 Firmware	12.4.0
Sonicwall	Sma 6210	-
Sonicwall	Sma 7200 Firmware	12.4.0
Sonicwall	Sma 7200	-
Sonicwall	Sma 7210 Firmware	12.4.0
Sonicwall	Sma 7210	-
Sonicwall	Sma 8000V Firmware	12.4.0
Sonicwall	Sma 8000V	-

Related Weaknesses (CWE)

CWE-321 CWE-798

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009Vendor Advisory

FAQ

What is CVE-2022-1701?

CVE-2022-1701 is a vulnerability with a CVSS score of 7.5 (HIGH). SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

How severe is CVE-2022-1701?

CVE-2022-1701 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1701?

Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 6200 Firmware, Sonicwall Sma 6200, Sonicwall Sma 6210 Firmware, Sonicwall Sma 6210, Sonicwall Sma 7200 Firmware.