CVE-2022-22278
high-risk
Published 2022-04-27
A vulnerability in SonicOS CFS (Content Filtering Service) returns a large 403 Forbidden HTTP response message to the source address when users try to access a prohibited resource. This allows an attacker to cause an HTTP Denial of Service (DoS) attack.
Do I need to act?
0.29% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High · NETWORK / LOW complexity
Affected Products (20)
Tz500 Firmware
Nsa 2650 Firmware
Nsa 2700 Firmware
Nsa 3650 Firmware
Nsa 3700 Firmware
Nsa 4650 Firmware
Nsa 4700 Firmware
Nsa 5650 Firmware
Nsa 5700 Firmware
Nsa 6650 Firmware
Nsa 6700 Firmware
Nsa 9250 Firmware
Nsa 9450 Firmware
Nsa 9650 Firmware
Tz500W Firmware
Tz570 Firmware
Tz570P Firmware
Tz570W Firmware
Tz600 Firmware
Tz600P Firmware
Affected Vendors
References
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004
52 / 100
high-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
25/34 · High