SonicWall Patches a Critical SQL Injection Vulnerability

July 25, 2022

SonicWall has patched a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Premise and Global Management System (GMS) products.

The Vulnerability

  • CVE-2022-22280 (CVSS 3.0: 9.4, Critical) – Allows SQL injection due to improper neutralization of special elements used in an SQL Command.
    The vulnerability has a low attack complexity and may be exploited from the network without user interaction or authentication.

Affected Products

  • SonicWall GMS: 9.3.1-SP2-Hotfix1 and earlier versions.
  • SonicWall Analytics: 2.5.0.3-2520 and earlier versions.

Mitigation

CYREBRO recommends updating the vulnerable products to the fixed versions:

  • Analytics 2.5.0.3-2520-Hotfix1
  • GMS 9.3.1-SP2-Hotfix-2

References: SonicWall advisory.
