CVE-2022-22279Relative Path Traversal in SMA 210 Firmware

CWE-23Relative Path TraversalCWE-22Path TraversalCWE-287Improper Authentication4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.5%
top 32.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Sonicwall SMA 210 FirmwareSonicwall SMA 410 FirmwareSonicwall SMA 500v Firmware+3 more
Timeline
PublishedApr 13
Latest updateApr 14

Description

A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages6 packages

NVDsonicwall/sma_210_firmware< 9.0.0.10-28sv
NVDsonicwall/sma_410_firmware< 9.0.0.10-28sv
NVDsonicwall/sma_500v_firmware< 9.0.0.10-28sv
NVDsonicwall/sra_1200_firmware9.0.0.5-19sv
NVDsonicwall/sra_4200_firmware9.0.0.5-19sv

🔴Vulnerability Details

3
GHSA
GHSA-v364-rr92-9x6x: ** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and2022-04-14
CVEList
CVE-2022-22279: A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secur2022-04-13
VulnCheck
SonicWall sra_1200_firmware Relative Path Traversal2022
CVE-2022-22279 — Relative Path Traversal | cvebase