CVE-2022-22282Improper Access Control in Sma1000

CWE-284Improper Access ControlCWE-862Missing Authorization3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 38.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Sonicwall Sma1000Sonicwall SMA 6200 FirmwareSonicwall SMA 6210 Firmware+3 more
Timeline
PublishedMay 13
Latest updateMay 14

Description

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

CVEListV5sonicwall/sonicwall_sma100012.4.0, 12.4.1+1
NVDsonicwall/sma_6200_firmware12.4.0, 12.4.1+1
NVDsonicwall/sma_6210_firmware12.4.0, 12.4.1+1
NVDsonicwall/sma_7200_firmware12.4.0, 12.4.1+1
NVDsonicwall/sma_7210_firmware12.4.0, 12.4.1+1

🔴Vulnerability Details

2
GHSA
GHSA-8xpw-m3x3-rq75: SonicWall SMA1000 series firmware 122022-05-14
CVEList
CVE-2022-22282: SonicWall SMA1000 series firmware 122022-05-13
CVE-2022-22282 — Improper Access Control in Sma1000 | cvebase