Unauthenticated SQL Injection Vulnerability in SonicWall GMS and Analytics
CVE-2022-22280

9.8CRITICAL

Key Information:

Vendor: Sonicwall
Status: Sonicwall Gms; Sonicwall Analytics On-prem
Vendor: CVE Published:; 29 July 2022

Summary

This vulnerability allows for improper neutralization of special elements used in an SQL command. It exposes SonicWall GMS and Analytics products to potential unauthorized access, enabling attackers to execute arbitrary SQL queries without authentication. This issue affects SonicWall GMS version 9.3.1-SP2-Hotfix1 and Analytics On-Prem version 2.5.0.3-2520, as well as earlier versions, creating a significant risk for affected users.

Affected Version(s)

SonicWall Analytics On-Prem 2.5.0.3-2520 and earlier

SonicWall GMS 9.3.1-SP2-Hotfix1 and earlier

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 29, 2022
Vulnerability Reserved
Dec 29, 2021