Information disclosure in SonicOS - CVE-2022-22276

 

Information disclosure in SonicOS - CVE-2022-22276

Published: April 27, 2022


Vulnerability identifier: #VU62657
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22276
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SonicWall
Affected software:
SonicOS

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to configured SNMP service remains accessible to external users even if the SNMP is disabled in firewall interfaces. A remote non-authenticated attacker can connect to the SNMP service and obtain sensitive information.


How to mitigate CVE-2022-22276

Install updates from vendor's website.

Sources