SonicWall: Patch critical SQL injection bug immediately
2022-07-22 17:01

SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS and Analytics On-Prem products.

The flaw, tracked as CVE-2022-22280, allows SQL injection due to improper neutralization of special elements used in an SQL Command.

"SonicWall PSIRT strongly suggests that organizations using the Analytics On-Prem version outlined below should upgrade to the respective patched version immediately," reads the SonicWall advisories.

SQL injection is a bug that allows attackers to modify a legitimate SQL query so that it behaves unexpectedly, by entering a specially crafted string into a web page's form fields or URL query variables.
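As an added illustration (not from the SonicWall advisory or the original article, and not the affected product's code), the Python example below shows what "improper neutralization of special elements" means in practice: the same lookup written once with string concatenation and once with a bound parameter, run against a constructed input containing a quote. The `reports` table, its rows, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO reports (owner, title) VALUES (?, ?)",
        [("alice", "Q2 firewall summary"),
         ("bob", "VPN usage"),
         ("carol", "Threat report")],
    )
    return db

def find_reports_concat(db, owner):
    """Unsafe: the value is pasted into the SQL text, so a quote in
    `owner` ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT title FROM reports WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def find_reports_bound(db, owner):
    """Safe: the statement text is fixed; the driver passes `owner` as
    data through a placeholder, so it cannot change the query's shape."""
    sql = "SELECT title FROM reports WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed test input
    for fn in (find_reports_concat, find_reports_bound):
        print(fn.__name__, "alice   ->", fn(db, "alice"))
        print(fn.__name__, "crafted ->", fn(db, crafted))
```

With the concatenated query the crafted value returns every row; with the bound parameter it is compared as a literal owner name and matches nothing.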

Considering the widespread deployment of SonicWall GMS and Analytics, which are used for central management, rapid deployment, real-time reporting, and data insight, the attack surface is significant, and these products are typically deployed in critical organizations.

SonicWall recommends the incorporation of a Web Application Firewall, which should be adequate for blocking SQL injection attacks even on unpatched deployments.


News URL

https://www.bleepingcomputer.com/news/security/sonicwall-patch-critical-sql-injection-bug-immediately/

Related Vulnerability

DATE: 2022-07-29
CVE: CVE-2022-22280
VULNERABILITY TITLE: SQL Injection vulnerability in SonicWall Analytics and Global Management System
DESCRIPTION: Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDOR: sonicwall
WEAKNESS: CWE-89
RISK: critical (9.8)