Open redirect in SonicWall products - CVE-2022-1702
Published: May 17, 2022
Vulnerability identifier: #VU63314
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-1702
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SonicWall SMA 1000
SonicWall SMA 6200
SonicWall SMA 6210
SonicWall SMA 7200
SonicWall SMA 7210
SonicWall SMA 8000v
SonicWall SMA 1000
SonicWall SMA 6200
SonicWall SMA 6210
SonicWall SMA 7200
SonicWall SMA 7210
SonicWall SMA 8000v
Software vendor:
SonicWall
SonicWall
Description
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
Remediation
Install updates from vendor's website.