CVE-2022-22275

7.5HIGH

Key Information

Vendor
Sonicwall
Status
Sonicos
Vendor
CVE Published:
27 April 2022

Summary

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.

Affected Version(s)

SonicOS = SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions.

SonicOS = SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions.

SonicOS = SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions.

Refferences

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.