CVE-2022-22275 : Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.

Published 2022-04-27 17:15:07

Updated 2022-05-12 02:49:58

Source SonicWALL, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-22275

Sonicwall » Sonicos
Versions from including (>=) 7.0.0.0 and up to, including, (<=) 7.0.1.0-5030-1391
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Nsv 10 » Version: N/A
When used together with: Sonicwall » Nsv 100 » Version: N/A
When used together with: Sonicwall » Nsv 200 » Version: N/A
When used together with: Sonicwall » Nsv 25 » Version: N/A
When used together with: Sonicwall » Nsv 270 » Version: N/A
When used together with: Sonicwall » Nsv 300 » Version: N/A
When used together with: Sonicwall » Nsv 400 » Version: N/A
When used together with: Sonicwall » Nsv 470 » Version: N/A
When used together with: Sonicwall » Nsv 50 » Version: N/A
When used together with: Sonicwall » Nsv 800 » Version: N/A
When used together with: Sonicwall » Nsv 870 » Version: N/A
Sonicwall » Sonicos
Versions from including (>=) 7.0.0.0 and up to, including, (<=) 7.0.1-5030-r780
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Nssp 10700 » Version: N/A
When used together with: Sonicwall » Nssp 11700 » Version: N/A
When used together with: Sonicwall » Nssp 12400 » Version: N/A
When used together with: Sonicwall » Nssp 12800 » Version: N/A
When used together with: Sonicwall » Nssp 13700 » Version: N/A
Sonicwall » Sonicos
Versions from including (>=) 7.0.0.0 and up to, including, (<=) 7.0.1-5030-r2007
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Nsa 2650 » Version: N/A
When used together with: Sonicwall » Nsa 2700 » Version: N/A
When used together with: Sonicwall » Nsa 3650 » Version: N/A
When used together with: Sonicwall » Nsa 3700 » Version: N/A
When used together with: Sonicwall » Nsa 4650 » Version: N/A
When used together with: Sonicwall » Nsa 4700 » Version: N/A
When used together with: Sonicwall » Nsa 5650 » Version: N/A
When used together with: Sonicwall » Nsa 5700 » Version: N/A
When used together with: Sonicwall » Nsa 6650 » Version: N/A
When used together with: Sonicwall » Nsa 6700 » Version: N/A
When used together with: Sonicwall » Nsa 9250 » Version: N/A
When used together with: Sonicwall » Nsa 9450 » Version: N/A
When used together with: Sonicwall » Nsa 9650 » Version: N/A
When used together with: Sonicwall » Soho 250 » Version: N/A
When used together with: Sonicwall » Soho 250w » Version: N/A
When used together with: Sonicwall » Tz270 » Version: N/A
When used together with: Sonicwall » Tz270w » Version: N/A
When used together with: Sonicwall » Tz300 » Version: N/A
When used together with: Sonicwall » Tz300p » Version: N/A
When used together with: Sonicwall » Tz300w » Version: N/A
When used together with: Sonicwall » Tz350 » Version: N/A
When used together with: Sonicwall » Tz350w » Version: N/A
When used together with: Sonicwall » Tz370 » Version: N/A
When used together with: Sonicwall » Tz370w » Version: N/A
When used together with: Sonicwall » Tz400 » Version: N/A
When used together with: Sonicwall » Tz400w » Version: N/A
When used together with: Sonicwall » Tz470 » Version: N/A
When used together with: Sonicwall » Tz470w » Version: N/A
When used together with: Sonicwall » Tz500 » Version: N/A
When used together with: Sonicwall » Tz500w » Version: N/A
When used together with: Sonicwall » Tz570 » Version: N/A
When used together with: Sonicwall » Tz570p » Version: N/A
When used together with: Sonicwall » Tz570w » Version: N/A
When used together with: Sonicwall » Tz600 » Version: N/A
When used together with: Sonicwall » Tz600p » Version: N/A
When used together with: Sonicwall » Tz670 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-22275

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-22275

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-22275

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: PSIRT@sonicwall.com (Secondary)

References for CVE-2022-22275

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004

Security Advisory
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-22275

Products affected by CVE-2022-22275

Exploit prediction scoring system (EPSS) score for CVE-2022-22275

CVSS scores for CVE-2022-22275

CWE ids for CVE-2022-22275

References for CVE-2022-22275