Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Sma 210
HWSonicwallwszystkie wersjeSonicwall Sma 210 Firmware
OSSonicwall8.0.0.0 – 9.0.0.10-28sv (bez)Sonicwall Sma 410
HWSonicwallwszystkie wersjeSonicwall Sma 410 Firmware
OSSonicwall8.0.0.0 – 9.0.0.10-28sv (bez)Sonicwall Sma 500v
HWSonicwallwszystkie wersjeSonicwall Sma 500v Firmware
OSSonicwall8.0.0.0 – 9.0.0.10-28sv (bez)Sonicwall Sra 1600
HWSonicwallwszystkie wersjeSonicwall Sra 1600 Firmware
OSSonicwall8.0.0.0 – 9.0.0.10-28sv (bez)Sonicwall Sra 4600
HWSonicwallwszystkie wersjeSonicwall Sra 4600 Firmware
OSSonicwall8.0.0.0 – 9.0.0.10-28sv (bez)Sonicwall Sra Va
HWSonicwallwszystkie wersjeSonicwall Sra Va Firmware
OSSonicwall8.0.0.0 – 9.0.0.10-28sv (bez)
CISA KEV — detailsi
- Vendori
- SonicWall ↗
- Producti
- Secure Remote Access (SRA)
- Added to KEVi
- March 28, 2022
- Remediation deadline (US Federal)i
- April 18, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
The impacted product is end-of-life and should be disconnected if still in use.
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
Related vulnerabilities
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variabl...
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker ...
SonicWall SMA 100 — nieautoryzowany upload pliku prowadzący do RCE
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-lif...