July 25, 2022
SonicWall Patches a Critical SQL Injection Vulnerability
A critical SQL injection (SQLi) vulnerability affecting Analytics On-Premise and Global Management System (GMS) products has been patched by SonicWall.
- CVE-2022-22280 (CVSS 3.0: 9.4, Critical) – Allows SQL injection due to improper neutralization of special elements used in an SQL command.
The vulnerability has a low attack complexity and may be exploited from the network without user interaction or authentication.
Affected versions:
- SonicWall GMS: 9.3.1-SP2-Hotfix1 and earlier versions.
- SonicWall Analytics: 22.214.171.124-2520 and earlier versions.
CYREBRO recommends updating the vulnerable products to the fixed versions:
- Analytics 126.96.36.199-2520-Hotfix1
- GMS 9.3.1-SP2-Hotfix-2
References: SonicWall advisory.