Skip to main content

Sonicwall CVE-2024-22398

MEDIUM
Path Traversal (CWE-22)
2024-03-14 PSIRT@sonicwall.com
4.9
CVSS 3.1 · Vendor: sonicwall
Share

Severity by source

Vendor (sonicwall) PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Primary rating from Vendor (sonicwall) · only source for this CVE.

CVSS VectorVendor: sonicwall

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 14, 2024 - 04:15 cve.org
MEDIUM 4.9

DescriptionCVE.org

An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.

AnalysisAI

An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.

Affected ProductsAI

SonicWall Email Security Appliance.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2012-2962 MEDIUM POC
6.5 Jul 30

SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2

CVE-2014-8420 CRITICAL POC
9.0 Nov 25

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before

CVE-2012-3951 HIGH POC
7.5 Jul 31

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default passwor

CVE-2014-4977 MEDIUM POC
6.5 Jul 16

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute

CVE-2012-2626 MEDIUM POC
5.0 Jul 31

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not requir

CVE-2016-9683 CRITICAL POC
9.8 Feb 22

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerabili

CVE-2016-9682 CRITICAL POC
9.8 Feb 22

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabi

CVE-2023-34132 CRITICAL POC
9.8 Jul 13

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the

CVE-2023-34124 CRITICAL POC
9.8 Jul 13

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authenticatio

CVE-2016-9684 CRITICAL POC
9.8 Feb 22

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerabili

CVE-2023-34127 HIGH POC
8.8 Jul 13

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GM

CVE-2012-2627 CRITICAL POC
9.4 Jul 31

d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote at

Share

CVE-2024-22398 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy