Information disclosure in SonicOS - CVE-2022-22276
Published: April 27, 2022
Vulnerability identifier: #VU62657
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22276
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SonicOS
SonicOS
Software vendor:
SonicWall
SonicWall
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to configured SNMP service remains accessible to external users even if the SNMP is disabled in firewall interfaces. A remote non-authenticated attacker can connect to the SNMP service and obtain sensitive information.
Remediation
Install updates from vendor's website.