Security Alert (A22-07-16): Vulnerability in SonicWall Products


 

Published on: 25 July 2022

Share on Facebook    Share on X   

Description:

SonicWall has released a security advisory to address an unauthenticated SQL injection vulnerability in SonicWall Analytics and GMS products. A remote unauthenticated attacker could exploit the vulnerability by sending specially crafted requests to an affected system.

 

Affected Systems:

  • SonicWall Analytics 2.5.0.3-2520 and earlier
  • SonicWall Global Management System (GMS) 9.3.1-SP2-Hotfix1 and earlier

 

Impact:

Successful exploitation of the vulnerability could lead to data tampering, information disclosure, security restriction bypass or compromise of an affected system.

 

Recommendation:

Software updates or patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22280


Tag: SonicWall , SonicWall Analytics , SonicWall GMS
Tags