Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01579.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
SonicWall SonicWall SRA/SMA100 affected
Version Status Constraints
SRA Series 9.0.0.5-19sv and earlier versions. affected
SMA100 Series 9.0.0.9-26sv and earlier versions. affected

Configuration 1 [-]

AND
cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:sonicwall:sra_4200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_4200:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:sonicwall:sra_4600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_4600:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:sonicwall:sra_1600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_1600:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:sonicwall:sra_1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sra_1200:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Sonicwall Subscribe
Sma 100 Subscribe
Sma 200 Subscribe
Sma 200 Firmware Subscribe
Sma 210 Subscribe
Sma 210 Firmware Subscribe
Sma 400 Subscribe
Sma 400 Firmware Subscribe
Sma 410 Subscribe
Sma 410 Firmware Subscribe
Sma 500v Subscribe
Sma 500v Firmware Subscribe
Sra Subscribe
Sra 1200 Subscribe
Sra 1200 Firmware Subscribe
Sra 1600 Subscribe
Sra 1600 Firmware Subscribe
Sra 4200 Subscribe
Sra 4200 Firmware Subscribe
Sra 4600 Subscribe
Sra 4600 Firmware Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0001 cve-icon cve-icon
History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.05872}

 epss

{'score': 0.01481}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: sonicwall

Published:

Updated: 2024-08-03T03:07:50.311Z

Reserved: 2021-12-29T00:00:00

Link: CVE-2022-22273

cve-icon Vulnrichment

Updated: 2024-05-14T18:19:49.396Z

cve-icon NVD

Status : Modified

Published: 2022-03-17T02:15:06.567

Modified: 2024-11-21T06:46:32.127

Link: CVE-2022-22273

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses