vulnerability
SonicWall SonicOS: CVE-2022-22274: Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 25, 2022 | May 25, 2026 | May 25, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 25, 2022
Added
May 25, 2026
Modified
May 25, 2026
Description
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this vulnerability has not been reported to SonicWall. And SonicWall strongly urges organizations using impacted SonicWall firewalls listed below to follow the provided guidance. NOTE: This vulnerability ONLY impacts the "web management" interface, the SonicOS SSLVPN interface is not impacted.
Solutions
sonicwall-sonicos-gen6-nsv-upgrade-6544-44v-21-1519sonicwall-sonicos-gen7-upgrade-701-5051sonicwall-sonicos-gen7-nssp15700-upgrade-701-5030-hf-r844
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.