CVE-2022-22273 — CRITICAL (9.8)

Q: How severe is CVE-2022-22273?

CVE-2022-22273 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-22273?

Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 200 Firmware, Sonicwall Sma 200, Sonicwall Sma 210 Firmware, Sonicwall Sma 210, Sonicwall Sma 400 Firmware.

Vulnerability Description

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sonicwall	Sma 200 Firmware	<= 9.0.0.9-26sv
Sonicwall	Sma 200	-
Sonicwall	Sma 210 Firmware	<= 9.0.0.9-26sv
Sonicwall	Sma 210	-
Sonicwall	Sma 400 Firmware	<= 9.0.0.9-26sv
Sonicwall	Sma 400	-
Sonicwall	Sma 410 Firmware	<= 9.0.0.9-26sv
Sonicwall	Sma 410	-
Sonicwall	Sma 500V Firmware	<= 9.0.0.9-26sv
Sonicwall	Sma 500V	-
Sonicwall	Sra 4200 Firmware	<= 9.0.0.5-19sv
Sonicwall	Sra 4200	-
Sonicwall	Sra 4600 Firmware	<= 9.0.0.5-19sv
Sonicwall	Sra 4600	-
Sonicwall	Sra 1600 Firmware	<= 9.0.0.5-19sv
Sonicwall	Sra 1600	-
Sonicwall	Sra 1200 Firmware	<= 9.0.0.5-19sv
Sonicwall	Sra 1200	-

Related Weaknesses (CWE)

CWE-78

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001PatchVendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001PatchVendor Advisory

FAQ

What is CVE-2022-22273?

CVE-2022-22273 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access ...

How severe is CVE-2022-22273?

CVE-2022-22273 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-22273?

Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sma 200 Firmware, Sonicwall Sma 200, Sonicwall Sma 210 Firmware, Sonicwall Sma 210, Sonicwall Sma 400 Firmware.