CVE-2022-22279: Path Traversal
First published: Wed Apr 13 2022(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions.
Credit: PSIRT@sonicwall.com PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| SonicWall SRA 1200 | <=9.0.0.5-19sv | |
| SonicWall SRA 1200 Firmware | ||
| All of | ||
| SonicWall Secure Remote Access (SRA) 4200 | <=9.0.0.5-19sv | |
| SonicWall SRA 4200 Firmware | ||
| All of | ||
| SonicWall SMA 210 | <9.0.0.10-28sv | |
| SonicWall SMA 210 Firmware | ||
| All of | ||
| SonicWall SMA 410 | <9.0.0.10-28sv | |
| SonicWall SMA 410 | ||
| All of | ||
| SonicWall SMA 500v Firmware | <9.0.0.10-28sv | |
| SonicWall SMA 500v Firmware | ||
| SonicWall SRA 1200 | <=9.0.0.5-19sv | |
| SonicWall SRA 1200 Firmware | ||
| SonicWall Secure Remote Access (SRA) 4200 | <=9.0.0.5-19sv | |
| SonicWall SRA 4200 Firmware | ||
| SonicWall SMA 210 | <9.0.0.10-28sv | |
| SonicWall SMA 210 Firmware | ||
| SonicWall SMA 410 | <9.0.0.10-28sv | |
| SonicWall SMA 410 | ||
| SonicWall SMA 500v Firmware | <9.0.0.10-28sv | |
| SonicWall SMA 500v Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-22279?
CVE-2022-22279 is a post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products.
Which Sonicwall products are affected by CVE-2022-22279?
The SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions, as well as the SMA 210, SMA 410, and SMA 500v firmware versions up to 9.0.0.10-28sv, are affected.
What is the severity of CVE-2022-22279?
CVE-2022-22279 has a severity rating of 4.9 (medium).
How can I mitigate the vulnerability of CVE-2022-22279?
Apply the latest firmware updates provided by Sonicwall and ensure the affected products are up-to-date.
Where can I find more information about CVE-2022-22279?
You can find more information about CVE-2022-22279 on the Sonicwall PSIRT website: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0006
- agent/author
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sonicwall
- canonical/sonicwall sra 1200
- version/sonicwall sra 1200/9.0.0.5-19sv
- canonical/sonicwall sra 1200 firmware
- canonical/sonicwall secure remote access (sra) 4200
- version/sonicwall secure remote access (sra) 4200/9.0.0.5-19sv
- canonical/sonicwall sra 4200 firmware
- canonical/sonicwall sma 210
- canonical/sonicwall sma 210 firmware
- canonical/sonicwall sma 410
- canonical/sonicwall sma 500v firmware