CVE-2022-22280 – Critical SonicWall Vulnerability Impacting Analytics On-Prem and Global Management System Products

Share :

On Thursday 21 July 2022, SonicWall disclosed a critical severity vulnerability – CVE-2022-22280 – impacting their Analytics On-Prem and Global Management System (GMS) products, which are used for central management and deployment of SonicWall firewalls, email security, remote access, and other solutions. The security flaw, an Improper Neutralisation of Special Elements (CWE-138) used in an SQL command in SonicWall GMS and Analytics On-Prem, results in an unauthenticated SQL injection vulnerability.

Improper Neutralisation of Special Elements results when a component does not neutralise or properly neutralise special elements before being sent to the application. Threat actors can leverage this type of vulnerability to execute unauthorised code or commands, crash a vulnerable system, or cause a denial-of-service event.

According to the SonicWall Product Security Incident Response Team (PSIRT), there is no evidence of active exploitation, or a proof-of-concept exploit associated with this vulnerability.

CVE-2022-22280 Impacted Products

Product Affected Versions Fixed Versions
SonicWall Global Management System ·       GMS 9.3.1-SP2-Hotfix-1 and earlier ·       GMS 9.3.1-SP2-Hotfix-2
SonicWall Analytics On-Prem ·       Analytics and earlier ·       Analytics


Recommendation #1: Apply the SonicWall Security Updates

SonicWall released security updates to remediate the vulnerability. We recommend applying the latest relevant security updates to the impacted products to mitigate CVE-2022-22280. There is no workaround available for this vulnerability.

Recommendation #2: Implement a Web Application Firewall

According to SonicWall PSIRT, incorporating a Web Application Firewall (WAF) to block SQL injection attempts will significantly decrease your exposure to CVE-2022-22280.


James Liolios

James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.
Share :
Table of Contents