Weak Encryption in SonicWall SMA1000 Series Firmware
CVE-2022-1701

7.5HIGH

Key Information:

Vendor: Sonicwall
Status: Sonicwall Sma1000
Vendor: CVE Published:; 13 May 2022

What is CVE-2022-1701?

The SonicWall SMA1000 series firmware prior to version 12.4.1-02965 allows for inadequate protection of sensitive data due to the use of a shared and hard-coded encryption key. This vulnerability can potentially expose stored information, posing significant risks to data confidentiality and integrity. Users are encouraged to update their firmware to safeguard against this exposure.

Affected Version(s)

SonicWall SMA1000 12.4.0

SonicWall SMA1000 12.4.1

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

x_refsource_CONFIRM

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 13, 2022
Vulnerability Reserved
May 12, 2022

Sonicwall

What is CVE-2022-1701?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline