#VU61613 Stack-based buffer overflow in SonicWall products - CVE-2022-22274

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU61613

#VU61613 Stack-based buffer overflow in SonicWall products - CVE-2022-22274

Published: March 25, 2022 / Updated: January 23, 2024


Vulnerability identifier: #VU61613
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2022-22274
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
SonicOS
TZ270
TZ270W
TZ370
TZ370W
TZ470
TZ470W
TZ570
TZ570W
TZ570P
TZ670
NSa 2700
NSa 3700
NSa 4700
NSa 5700
NSa 6700
NSsp 10700
NSsp 11700
NSsp 13700
NSv 270
NSv 470
NSv 870
NSsp 15700
NSv 10
NSv 25
NSv 50
NSv 100
NSv 200
NSv 300
NSv 400
NSv 800
NSv 1600
Software vendor:
SonicWall

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can send a specially crafted HTTP request, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install updates from vendor's website.

External links