Vulnerability Description
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Tz300P Firmware | < 7.0.1 |
| Sonicwall | Tz300P | - |
| Sonicwall | Tz300W Firmware | < 7.0.1 |
| Sonicwall | Tz300W | - |
| Sonicwall | Tz350 Firmware | < 7.0.1 |
| Sonicwall | Tz350 | - |
| Sonicwall | Tz350W Firmware | < 7.0.1 |
| Sonicwall | Tz350W | - |
| Sonicwall | Nssp 10700 Firmware | < 7.0.1.0 |
| Sonicwall | Nssp 10700 | - |
| Sonicwall | Nssp 11700 Firmware | < 7.0.1.0 |
| Sonicwall | Nssp 11700 | - |
| Sonicwall | Nssp 12400 Firmware | < 7.0.1.0 |
| Sonicwall | Nssp 12400 | - |
| Sonicwall | Nssp 12800 Firmware | < 7.0.1.0 |
| Sonicwall | Nssp 12800 | - |
| Sonicwall | Nssp 13700 Firmware | < 7.0.1.0 |
| Sonicwall | Nssp 13700 | - |
| Sonicwall | Nssp 15700 Firmware | < 7.0.1.0 |
| Sonicwall | Nssp 15700 | - |
Related Weaknesses (CWE)
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004Vendor Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004Vendor Advisory
FAQ
What is CVE-2022-22278?
CVE-2022-22278 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacke...
How severe is CVE-2022-22278?
CVE-2022-22278 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22278?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Tz300P Firmware, Sonicwall Tz300P, Sonicwall Tz300W Firmware, Sonicwall Tz300W, Sonicwall Tz350 Firmware.