CVE-2022-22278
HIGHSonicWall Multiple Firewalls < 7.0.1 - DoS via CFS 403 Response
Title source: llmDescription
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
50.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (49)
sonicwall/nsa_2650_firmware
< 7.0.1
sonicwall/nsa_2700_firmware
< 7.0.1
sonicwall/nsa_3650_firmware
< 7.0.1
sonicwall/nsa_3700_firmware
< 7.0.1
sonicwall/nsa_4650_firmware
< 7.0.1
sonicwall/nsa_4700_firmware
< 7.0.1
sonicwall/nsa_5650_firmware
< 7.0.1
sonicwall/nsa_5700_firmware
< 7.0.1
sonicwall/nsa_6650_firmware
< 7.0.1
sonicwall/nsa_6700_firmware
< 7.0.1
... and 39 more
Published
Apr 27, 2022
Tracked Since
Feb 18, 2026