Security News > 2022 > July > SonicWall: Patch critical SQL injection bug immediately
SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS and Analytics On-Prem products.
The flaw, tracked as CVE-2022-22280, allows SQL injection due to improper neutralization of special elements used in an SQL Command.
"SonicWall PSIRT strongly suggests that organizations using the Analytics On-Prem version outlined below should upgrade to the respective patched version immediately," reads the SonicWall advisories.
SQL injection is a bug that allows attackers to modify a legitimate SQL query so that it performs unexpected behavior by inputting a string of specially crafted code in a web page's form or URL query variables.
Considering the widespread deployment of SonicWall GMS and Analytics, which are used for central management, rapid deployment, real-time reporting, and data insight, the attack surface is significant and typically on critical organizations.
SonicWall recommends the incorporation of a Web Application Firewall, which should be adequate for blocking SQL injection attacks even on unpatched deployments.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-29 | CVE-2022-22280 | SQL Injection vulnerability in Sonicwall Analytics and Global Management System Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. | 0.0 |