CVE-2022-22278 — Allocation of Resources Without Limits or Throttling in Sonicos

CWE-770 — Allocation of Resources Without Limits or Throttling3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 50.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall NSA 2650 Firmware Sonicwall NSA 2700 Firmware Sonicwall NSA 3650 Firmware +47 more

Timeline

PublishedApr 27

Latest updateApr 28

Description

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages50 packages

▶CVEListV5sonicwall/sonicos4 versions+3

▶NVDsonicwall/tz350_firmware< 7.0.1

▶NVDsonicwall/tz370_firmware< 7.0.1

▶NVDsonicwall/tz400_firmware< 7.0.1

▶NVDsonicwall/tz470_firmware< 7.0.1

🔴Vulnerability Details

GHSA

GHSA-fpfj-wp86-qmrq: A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to↗2022-04-28

▶

CVEList

CVE-2022-22278: A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to↗2022-04-27

▶