PT-2022-3851 · Sonicwall · Sonicwall Analytics On-Prem+1

Published 2022-07-21 · Updated 2022-08-08 · CVE-2022-22280

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SonicWall GMS versions 9.3.1-SP2-Hotfix1 and earlier
SonicWall Analytics On-Prem versions 2.5.0.3-2520 and earlier

Description

The issue is an improper neutralization of special elements used in an SQL command, which results in an unauthenticated SQL injection vulnerability. A remote attacker can exploit it to execute arbitrary SQL commands in the application's database. The vulnerability affects SonicWall's Global Management System (GMS) and Analytics On-Prem products. The attack surface is estimated to be significant because these products are widely used in critical organizations for centralized management, rapid deployment, real-time reporting, and data analysis.

Recommendations

For SonicWall GMS versions 9.3.1-SP2-Hotfix1 and earlier, update to GMS 9.3.1-SP2-Hotfix-2 or later. For SonicWall Analytics On-Prem versions 2.5.0.3-2520 and earlier, update to Analytics 2.5.0.3-Hotfix-1 or later. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation.

Fix

XSS

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2022-04653
CVE-2022-22280

Affected Products

Sonicwall Analytics On-Prem
Sonicwall Gms