CVE-2022-22275 — Uncontrolled Resource Consumption in Sonicos

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 50.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall Sonicos

Timeline

PublishedApr 27

Latest updateApr 28

Description

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDsonicwall/sonicos7.0.0.0 — 7.0.1-5030-r2007+2

▶CVEListV5sonicwall/sonicos4 versions+3

🔴Vulnerability Details

GHSA

GHSA-vpf5-gh59-9c93: Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially↗2022-04-28

▶

CVEList

CVE-2022-22275: Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially↗2022-04-27

▶