CVE-2022-22275

7.5HIGH

Key Information

Vendor: Sonicwall
Status: Sonicos
Vendor: CVE Published:; 27 April 2022

Summary

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.

Affected Version(s)

SonicOS = SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions.

SonicOS = SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions.

SonicOS = SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Apr 27, 2022
Vulnerability Reserved.
Dec 29, 2021

Collectors

NVD DatabaseMitre Database