On Thursday, July 21, 2022, SonicWall disclosed a critical severity vulnerability – CVE-2022-22280 – impacting their Analytics On-Prem and Global Management System (GMS) products, which are used for central management and deployment of SonicWall firewalls, email security, remote access, and other solutions. The security flaw, an Improper Neutralization of Special Elements (CWE-138) used in an SQL command in SonicWall GMS and Analytics On-Prem, results in an unauthenticated SQL injection vulnerability.
Improper Neutralization of Special Elements occurs when a component does not neutralize, or incorrectly neutralizes, special elements in input before that input is sent to the application. Threat actors can leverage this type of vulnerability to execute unauthorized code or commands, crash a vulnerable system, or cause a denial-of-service event.
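The failure class described above, as an added example (not SonicWall code and not a reproduction of CVE-2022-22280): a query assembled by string concatenation beside the same query using a bound parameter. The table, function names and inputs are constructed for illustration and use Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database (illustrative only).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO devices (owner, name) VALUES (?, ?)",
        [("alice", "fw-branch-01"), ("alice", "fw-branch-02"),
         ("bob", "fw-hq-01"), ("o'brien", "fw-lab-01")],
    )
    return db

def lookup_unsafe(db, owner):
    # Improper neutralization: the single quote is a special element in SQL,
    # and here it reaches the SQL parser as part of the command text.
    query = "SELECT name FROM devices WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, owner):
    # Bound parameter: the driver passes `owner` purely as a value, so no
    # character in it can alter the structure of the statement.
    query = "SELECT name FROM devices WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (owner,))]

# Constructed input containing special elements.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal input :", lookup_unsafe(db, "alice"))
    print("unsafe, crafted input:", lookup_unsafe(db, CRAFTED))  # filter bypassed
    print("safe, crafted input  :", lookup_safe(db, CRAFTED))    # no match
    print("safe, o'brien        :", lookup_safe(db, "o'brien"))
    try:
        lookup_unsafe(db, "o'brien")
    except sqlite3.OperationalError as exc:
        # A legitimate value with a quote breaks the concatenated query.
        print("unsafe, o'brien      : error:", exc)
```

The concatenated query both returns rows outside the requested owner and fails outright on a legitimate name containing a quote, while the bound-parameter version handles both inputs as plain data.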
According to the SonicWall Product Security Incident Response Team (PSIRT), there is no evidence of active exploitation or of a proof-of-concept exploit associated with this vulnerability.
CVE-2022-22280 Impacted Products
SonicWall Global Management System
· GMS 9.3.1-SP2-Hotfix-1 and earlier
· GMS 9.3.1-SP2-Hotfix-2
SonicWall Analytics On-Prem
· Analytics 188.8.131.52-2520 and earlier
· Analytics 184.108.40.206-Hotfix-1
Recommendation #1: Apply the SonicWall Security Updates
SonicWall released security updates to remediate the vulnerability. We recommend applying the latest relevant security updates to the impacted products to mitigate CVE-2022-22280. There is no workaround available for this vulnerability.
Recommendation #2: Implement a Web Application Firewall
According to SonicWall PSIRT, incorporating a Web Application Firewall (WAF) to block SQL injection attempts will significantly decrease your exposure to CVE-2022-22280.