
CVE-2022-22280 – Critical SonicWall Vulnerability Impacting Analytics On-Prem and Global Management System Products


On Thursday 21 July 2022, SonicWall disclosed a critical severity vulnerability – CVE-2022-22280 – impacting their Analytics On-Prem and Global Management System (GMS) products, which are used for central management and deployment of SonicWall firewalls, email security, remote access, and other solutions. The security flaw, an Improper Neutralisation of Special Elements (CWE-138) used in an SQL command in SonicWall GMS and Analytics On-Prem, results in an unauthenticated SQL injection vulnerability.

Improper Neutralisation of Special Elements occurs when a component does not neutralise, or does not properly neutralise, special elements in input before that input is sent to the application. Threat actors can leverage this type of vulnerability to execute unauthorised code or commands, crash a vulnerable system, or cause a denial-of-service event.
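The weakness class described above, shown as an added example: this is not SonicWall code and says nothing about how CVE-2022-22280 itself is reached. It runs the same lookup with the input pasted into the SQL text and with the input bound as a parameter; the appliances table, the function names and the sample inputs are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE appliances (name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO appliances VALUES (?, ?)",
        [("fw-branch-01", "alice"), ("fw-branch-02", "bob"), ("fw-hq-01", "carol")],
    )
    return conn

def lookup_concat(conn, name):
    """Weak form: the input becomes part of the SQL text, so a quote
    character in `name` is parsed as SQL syntax instead of data."""
    query = "SELECT name, owner FROM appliances WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_bound(conn, name):
    """Corrected form: the driver binds `name` as a value, so it is
    never interpreted by the SQL parser."""
    return conn.execute(
        "SELECT name, owner FROM appliances WHERE name = ?", (name,)
    ).fetchall()

def compare(conn, name):
    """Run both forms on one input; report the row count or the error type."""
    out = {}
    for label, fn in (("concat", lookup_concat), ("bound", lookup_bound)):
        try:
            out[label] = len(fn(conn, name))
        except sqlite3.Error as exc:
            out[label] = type(exc).__name__
    return out

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a quote that rewrites the WHERE
    # clause, and an ordinary apostrophe that breaks the statement.
    for sample in ("fw-hq-01", "x' OR '1'='1", "o'brien"):
        print(repr(sample), compare(db, sample))
```

The third input shows that even a harmless apostrophe makes the concatenated statement fail, which is the error-path side of the same weakness.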

According to the SonicWall Product Security Incident Response Team (PSIRT), there is no evidence of active exploitation or of a proof-of-concept exploit associated with this vulnerability.

CVE-2022-22280 Impacted Products

| Product | Affected Versions | Fixed Versions |
| --- | --- | --- |
| SonicWall Global Management System | GMS 9.3.1-SP2-Hotfix-1 and earlier | GMS 9.3.1-SP2-Hotfix-2 |
| SonicWall Analytics On-Prem | Analytics 2.5.0.3-2520 and earlier | Analytics 2.5.0.3-Hotfix-1 |

Recommendations

Recommendation #1: Apply the SonicWall Security Updates

SonicWall released security updates to remediate the vulnerability. We recommend applying the latest relevant security updates to the impacted products to mitigate CVE-2022-22280. There is no workaround available for this vulnerability.

Recommendation #2: Implement a Web Application Firewall

According to SonicWall PSIRT, incorporating a Web Application Firewall (WAF) to block SQL injection attempts will significantly decrease your exposure to CVE-2022-22280.
