CVE-2022-2323

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions

Una neutralización inapropiada de los elementos especiales usados en una entrada de usuario permite a un usuario malicioso autenticado llevar a cabo una ejecución de código remota en el sistema anfitrión. Esta vulnerabilidad afecta a SonicWall Switch versiones 1.1.1-2s y anteriores

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-05 CVE Reserved
2022-07-29 CVE Published
2024-08-03 CVE Updated
2024-10-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0013	2022-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sonicwall Search vendor "Sonicwall"	Sws12-10fpoe Firmware Search vendor "Sonicwall" for product "Sws12-10fpoe Firmware"	< 1.2.0.0-3 Search vendor "Sonicwall" for product "Sws12-10fpoe Firmware" and version " < 1.2.0.0-3"	-	Affected	in	Sonicwall Search vendor "Sonicwall"	Sws12-10fpoe Search vendor "Sonicwall" for product "Sws12-10fpoe"	-	-	Safe
Sonicwall Search vendor "Sonicwall"	Sws12-8 Firmware Search vendor "Sonicwall" for product "Sws12-8 Firmware"	< 1.2.0.0-3 Search vendor "Sonicwall" for product "Sws12-8 Firmware" and version " < 1.2.0.0-3"	-	Affected	in	Sonicwall Search vendor "Sonicwall"	Sws12-8 Search vendor "Sonicwall" for product "Sws12-8"	-	-	Safe
Sonicwall Search vendor "Sonicwall"	Sws12-8poe Firmware Search vendor "Sonicwall" for product "Sws12-8poe Firmware"	< 1.2.0.0-3 Search vendor "Sonicwall" for product "Sws12-8poe Firmware" and version " < 1.2.0.0-3"	-	Affected	in	Sonicwall Search vendor "Sonicwall"	Sws12-8poe Search vendor "Sonicwall" for product "Sws12-8poe"	-	-	Safe
Sonicwall Search vendor "Sonicwall"	Sws14-24 Firmware Search vendor "Sonicwall" for product "Sws14-24 Firmware"	< 1.2.0.0-3 Search vendor "Sonicwall" for product "Sws14-24 Firmware" and version " < 1.2.0.0-3"	-	Affected	in	Sonicwall Search vendor "Sonicwall"	Sws14-24 Search vendor "Sonicwall" for product "Sws14-24"	-	-	Safe
Sonicwall Search vendor "Sonicwall"	Sws14-24fpoe Firmware Search vendor "Sonicwall" for product "Sws14-24fpoe Firmware"	< 1.2.0.0-3 Search vendor "Sonicwall" for product "Sws14-24fpoe Firmware" and version " < 1.2.0.0-3"	-	Affected	in	Sonicwall Search vendor "Sonicwall"	Sws14-24fpoe Search vendor "Sonicwall" for product "Sws14-24fpoe"	-	-	Safe
Sonicwall Search vendor "Sonicwall"	Sws14-48 Firmware Search vendor "Sonicwall" for product "Sws14-48 Firmware"	< 1.2.0.0-3 Search vendor "Sonicwall" for product "Sws14-48 Firmware" and version " < 1.2.0.0-3"	-	Affected	in	Sonicwall Search vendor "Sonicwall"	Sws14-48 Search vendor "Sonicwall" for product "Sws14-48"	-	-	Safe
Sonicwall Search vendor "Sonicwall"	Sws14-48fpoe Firmware Search vendor "Sonicwall" for product "Sws14-48fpoe Firmware"	< 1.2.0.0-3 Search vendor "Sonicwall" for product "Sws14-48fpoe Firmware" and version " < 1.2.0.0-3"	-	Affected	in	Sonicwall Search vendor "Sonicwall"	Sws14-48fpoe Search vendor "Sonicwall" for product "Sws14-48fpoe"	-	-	Safe