CVE-2022-2324

Published Jul 29, 2022

Last updated 7 months ago

CVSS high 7.5
Sonicwall

Overview

Description
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions
Source
PSIRT@sonicwall.com
NVD status
Analyzed
Products
hosted_email_security

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
HIGH

Weaknesses

PSIRT@sonicwall.com
CWE-358
nvd@nist.gov
CWE-290

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.CVE-2026-0205
  2. A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.CVE-2026-0206
  3. A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.CVE-2026-0204
  4. A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.CVE-2026-3439
  5. A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.CVE-2026-0400

References

Sources include official advisories and independent security research.