CVE-2022-22278
published 2022-04-27

Priority: P3 (35), high, 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.88% (54.4th percentile)

A vulnerability in SonicOS CFS (Content Filtering Service) returns a large 403 Forbidden HTTP response message to the source address when users try to access a prohibited resource. This allows an attacker to cause an HTTP Denial of Service (DoS) attack.

Affected

53 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | nsa_2650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_2700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_3650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_3700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_4650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_4700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_5650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_5700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_6650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_6700_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_9250_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_9450_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nsa_9650_firmware | < 7.0.1 | 7.0.1 |
| sonicwall | nssp_10700_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_11700_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_12400_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_12800_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_13700_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nssp_15700_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_100_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_10_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_1600_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_200_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_25_firmware | < 7.0.1.0 | 7.0.1.0 |
| sonicwall | nsv_270_firmware | < 7.0.1.0 | 7.0.1.0 |

CVSS provenance

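| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |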