CRITICAL🇵🇱 Wersja polska

CVE-2022-22273

CVSS 9.8v3.1pub. 2022-03-17upd. 2024-11-21

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Sma 200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 200 Firmware

    OS
    Sonicwall
    ≤ 9.0.0.9-26sv
  • Sonicwall Sma 210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 210 Firmware

    OS
    Sonicwall
    ≤ 9.0.0.9-26sv
  • Sonicwall Sma 400

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 400 Firmware

    OS
    Sonicwall
    ≤ 9.0.0.9-26sv
  • Sonicwall Sma 410

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 410 Firmware

    OS
    Sonicwall
    ≤ 9.0.0.9-26sv
  • Sonicwall Sma 500v

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma 500v Firmware

    OS
    Sonicwall
    ≤ 9.0.0.9-26sv
  • Sonicwall Sra 1200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sra 1200 Firmware

    OS
    Sonicwall
    ≤ 9.0.0.5-19sv
  • Sonicwall Sra 1600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sra 1600 Firmware

    OS
    Sonicwall
    ≤ 9.0.0.5-19sv
  • Sonicwall Sra 4200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sra 4200 Firmware

    OS
    Sonicwall
    ≤ 9.0.0.5-19sv
  • Sonicwall Sra 4600

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sra 4600 Firmware

    OS
    Sonicwall
    ≤ 9.0.0.5-19sv
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie

CVE-2021-20038CRITICAL9.8⚠ KEVten sam produkt

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...

CVE-2021-20028CRITICAL9.8⚠ KEVten sam produkt

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure R...

CVE-2021-20016CRITICAL9.8⚠ KEVten sam produkt

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker ...

CVE-2025-40599CRITICAL9.1PL ✓ten sam produkt

SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE