Access to the remotely managed device over the HTTP protocol is disabled if the device does not have an active VPN connection. If the device has a VPN connection enabled, HTTP access works as expected. The following figure shows the affected device.

Impact: An attacker could exploit this vulnerability to access the device via the HTTP protocol.

Resolution: This issue was resolved in firmware version 12.4.1-02966.

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions have a Denial of Service vulnerability due to insufficient validation of certain parameters received from the management interface.

Details

An attacker could exploit this vulnerability to access the device via the HTTP protocol. This issue was resolved in firmware version 12.4.1-02966.

Overview

A Denial of Service vulnerability is a type of software vulnerability that can be exploited to cause the target system to stop working or perform unintended actions.

Affected devices: SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions are affected by this vulnerability. This issue was resolved in firmware version 12.4.1-02966.

Description

CVE-2022-22282: This issue is a Denial of Service vulnerability due to insufficient validation of certain parameters received from the management interface. An attacker could exploit this vulnerability to cause the device to crash or hang.

SonicWall SMA1000 series firmware 12.4.1-02965, 12.4.2-02966 and earlier versions have a Denial of Service vulnerability due to insufficient validation of certain parameters received from the management interface.

Impact: An attacker could exploit this vulnerability to cause the device to go offline or reboot while using the HTTP protocol.

Resolution: This issue was resolved in firmware version 12.4.1-02966.

Timeline

Published on: 05/13/2022 20:15:00 UTC
Last modified on: 07/21/2022 13:29:00 UTC

References