CVE-2022-2915Heap-based Buffer Overflow in SMA 200 Firmware

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 28.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Sonicwall SMA 200 FirmwareSonicwall SMA 210 FirmwareSonicwall SMA 400 Firmware+3 more
Timeline
PublishedAug 26
Latest updateAug 27

Description

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5sonicwall/sma10010.2.1.5-34sv and earlier
NVDsonicwall/sma_200_firmware10.2.1.5-34sv
NVDsonicwall/sma_210_firmware10.2.1.5-34sv
NVDsonicwall/sma_400_firmware10.2.1.5-34sv
NVDsonicwall/sma_410_firmware10.2.1.5-34sv

🔴Vulnerability Details

3
GHSA
GHSA-44v4-vjm7-8fmf: A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) o2022-08-27
CVEList
CVE-2022-2915: A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) o2022-08-26
VulnCheck
SonicWall sma_200_firmware Heap-based Buffer Overflow2022
CVE-2022-2915 — Heap-based Buffer Overflow | cvebase