critical
9.8
CWE
78 77
Advisory Published
Updated

CVE-2022-22273: OS Command Injection

First published: Thu Mar 17 2022(Updated: )

** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions.

Credit: PSIRT@sonicwall.com

Affected SoftwareAffected VersionHow to fix
SonicWall SMA 200<=9.0.0.9-26sv
SonicWall SMA 200 firmware
SonicWall SMA 210<=9.0.0.9-26sv
SonicWall SMA 210 Firmware
SonicWall SMA 400<=9.0.0.9-26sv
SonicWall SMA 400 firmware
SonicWall SMA 410<=9.0.0.9-26sv
SonicWall SMA 410
SonicWall SMA 500v Firmware<=9.0.0.9-26sv
SonicWall SMA 500v Firmware
SonicWall Secure Remote Access (SRA) 4200<=9.0.0.5-19sv
SonicWall SRA 4200 Firmware
SonicWall Secure Remote Access (SRA) 4600<=9.0.0.5-19sv
SonicWall Secure Remote Access (SRA) 4600
SonicWall SRA 1600 firmware<=9.0.0.5-19sv
SonicWall SRA 1600 firmware
SonicWall SRA 1200<=9.0.0.5-19sv
SonicWall Secure Remote Access (SRA)
All of
SonicWall SMA 200<=9.0.0.9-26sv
SonicWall SMA 200 firmware
All of
SonicWall SMA 210<=9.0.0.9-26sv
SonicWall SMA 210 Firmware
All of
SonicWall SMA 400<=9.0.0.9-26sv
SonicWall SMA 400 firmware
All of
SonicWall SMA 410<=9.0.0.9-26sv
SonicWall SMA 410
All of
SonicWall SMA 500v Firmware<=9.0.0.9-26sv
SonicWall SMA 500v Firmware
All of
SonicWall Secure Remote Access (SRA) 4200<=9.0.0.5-19sv
SonicWall SRA 4200 Firmware
All of
SonicWall Secure Remote Access (SRA) 4600
SonicWall Secure Remote Access (SRA) 4600<=9.0.0.5-19sv
All of
SonicWall SRA 1600 firmware
SonicWall SRA 1600 firmware<=9.0.0.5-19sv
All of
SonicWall Secure Remote Access (SRA)
SonicWall SRA 1200<=9.0.0.5-19sv

Remedy

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2022-22273.

  • What is the severity of CVE-2022-22273?

    The severity of CVE-2022-22273 is critical with a severity value of 9.8.

  • Which products are affected by CVE-2022-22273?

    The end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products are affected by CVE-2022-22273.

  • How can I fix CVE-2022-22273?

    To fix CVE-2022-22273, it is recommended to update to a supported firmware version or migrate to a supported product.

  • Where can I find more information about CVE-2022-22273?

    You can find more information about CVE-2022-22273 on the SonicWall Product Security Incident Response Team (PSIRT) website.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203