Security News > 2022 > July > SonicWall: Patch critical SQL injection bug immediately
SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS and Analytics On-Prem products.
The flaw, tracked as CVE-2022-22280, allows SQL injection due to improper neutralization of special elements used in an SQL Command.
"SonicWall PSIRT strongly suggests that organizations using the Analytics On-Prem version outlined below should upgrade to the respective patched version immediately," reads the SonicWall advisories.
SQL injection is a bug that allows attackers to modify a legitimate SQL query so that it performs unexpected behavior by inputting a string of specially crafted code in a web page's form or URL query variables.
Considering the widespread deployment of SonicWall GMS and Analytics, which are used for central management, rapid deployment, real-time reporting, and data insight, the attack surface is significant and typically on critical organizations.
SonicWall recommends the incorporation of a Web Application Firewall, which should be adequate for blocking SQL injection attacks even on unpatched deployments.
News URL
Related news
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- SonicWall urges admins to patch exploitable SSLVPN bug immediately (source)
- SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-29 | CVE-2022-22280 | SQL Injection vulnerability in Sonicwall Analytics and Global Management System Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. | 9.8 |