CVE-2022-1703
published 2022-06-08
Priority: P1 · 80 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 11.11% (95.4th percentile)
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sma | — | — |
| sonicwall | sma100 | — | — |
| sonicwall | sma100 | — | — |
| sonicwall | sma_210_firmware | <= 10.2.1.4-31sv | — |
| sonicwall | sma_210_firmware | <= 10.2.0.9-41sv | — |
| sonicwall | sma_410_firmware | <= 10.2.1.4-31sv | — |
| sonicwall | sma_410_firmware | <= 10.2.0.9-41sv | — |
| sonicwall | sma_500v_firmware | <= 10.2.1.4-31sv | — |
| sonicwall | sma_500v_firmware | <= 10.2.0.9-41sv | — |
Detection & IOCs (extracted from sources)
- Target is the SonicWall SSL-VPN SMA100 series management interface; monitor for authenticated requests containing OS command injection payloads (e.g., shell metacharacters: `;`, `|`, `&&`, `$()`, backticks) in management interface parameters
- Requires prior authentication; correlate anomalous authenticated sessions on the SMA100 management interface with unexpected OS-level process spawning or outbound connections
- Exploitation requires valid authentication credentials on the SMA100 management interface; unauthenticated exploitation is not indicated by available sources
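CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |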
SonicWall
CVE-2022-1703: Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inje
vendor_sonicwall·2022-06-08·CVSS 8.8
CVE-2022-1703 [HIGH] CWE-78 CVE-2022-1703: Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inje
CVE-2022-1703: Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
CISA
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-8540 [HIGH] CWE-119 Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Vulnerability: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affected: Microsoft Malware Protection Engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Remediation Due Date: 2022-03-24
GHSA
GHSA-hqg7-64v9-2fg6: Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inje
ghsa_unreviewed·2022-06-09
CVE-2022-1703 [HIGH] CWE-78 GHSA-hqg7-64v9-2fg6: Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inje
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
VulnCheck
SonicWall sma_210_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2022·CVSS 8.8
CVE-2022-1703 [HIGH] SonicWall sma_210_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
SonicWall sma_210_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
Affected: SonicWall sma_210_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://3354902.hs-sites.com/hubfs/Consulting/TTP%20Briefing/Cybereason_TTP_Briefing_Q3-2025.pdf
No detection rules found.
No public exploits indexed.
Published: 2022-06-08
Exploited in the wild