CVE-2022-22278
Published: 2022-04-27
Priority P3 · 35 · high · 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.88% (54.4th percentile)
A vulnerability in SonicOS CFS (Content Filtering Service) returns a large 403 Forbidden HTTP response message to the source address when users try to access a prohibited resource. This allows an attacker to cause an HTTP Denial of Service (DoS) attack.
Affected
53 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | nsa_2650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_2700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_3650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_3700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_4650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_4700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_5650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_5700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_6650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_6700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_9250_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_9450_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_9650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nssp_10700_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_11700_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_12400_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_12800_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_13700_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_15700_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_100_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_10_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_1600_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_200_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_25_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_270_firmware | < 7.0.1.0 | 7.0.1.0 |
CVSS provenance
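| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |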
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.