Login Sign Up

CVE-2022-22278

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in SonicWall SonicOS CFS allows attackers to cause HTTP Denial of Service (DoS) by triggering large 403 forbidden responses when accessing prohibited resources. Attackers can exploit this to exhaust system resources and disrupt legitimate traffic. Organizations using affected SonicWall firewall products with CFS enabled are vulnerable.

💻 Affected Systems

Products:
  • SonicWall SonicOS
Versions: SonicOS 7.0.1-5050 and earlier versions
Operating Systems: SonicOS firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Content Filtering Service (CFS) enabled. CFS is commonly used in production environments for web filtering.

📦 What is this software?

Nsa 2650 Firmware by Sonicwall

View all CVEs affecting Nsa 2650 Firmware →

Nsa 2700 Firmware by Sonicwall

View all CVEs affecting Nsa 2700 Firmware →

Nsa 3650 Firmware by Sonicwall

View all CVEs affecting Nsa 3650 Firmware →

Nsa 3700 Firmware by Sonicwall

View all CVEs affecting Nsa 3700 Firmware →

Nsa 4650 Firmware by Sonicwall

View all CVEs affecting Nsa 4650 Firmware →

Nsa 4700 Firmware by Sonicwall

View all CVEs affecting Nsa 4700 Firmware →

Nsa 5650 Firmware by Sonicwall

View all CVEs affecting Nsa 5650 Firmware →

Nsa 5700 Firmware by Sonicwall

View all CVEs affecting Nsa 5700 Firmware →

Nsa 6650 Firmware by Sonicwall

View all CVEs affecting Nsa 6650 Firmware →

Nsa 6700 Firmware by Sonicwall

View all CVEs affecting Nsa 6700 Firmware →

Nsa 9250 Firmware by Sonicwall

View all CVEs affecting Nsa 9250 Firmware →

Nsa 9450 Firmware by Sonicwall

View all CVEs affecting Nsa 9450 Firmware →

Nsa 9650 Firmware by Sonicwall

View all CVEs affecting Nsa 9650 Firmware →

Nssp 10700 Firmware by Sonicwall

View all CVEs affecting Nssp 10700 Firmware →

Nssp 11700 Firmware by Sonicwall

View all CVEs affecting Nssp 11700 Firmware →

Nssp 12400 Firmware by Sonicwall

View all CVEs affecting Nssp 12400 Firmware →

Nssp 12800 Firmware by Sonicwall

View all CVEs affecting Nssp 12800 Firmware →

Nssp 13700 Firmware by Sonicwall

View all CVEs affecting Nssp 13700 Firmware →

Nssp 15700 Firmware by Sonicwall

View all CVEs affecting Nssp 15700 Firmware →

Nsv 10 Firmware by Sonicwall

View all CVEs affecting Nsv 10 Firmware →

Nsv 100 Firmware by Sonicwall

View all CVEs affecting Nsv 100 Firmware →

Nsv 1600 Firmware by Sonicwall

View all CVEs affecting Nsv 1600 Firmware →

Nsv 200 Firmware by Sonicwall

View all CVEs affecting Nsv 200 Firmware →

Nsv 25 Firmware by Sonicwall

View all CVEs affecting Nsv 25 Firmware →

Nsv 270 Firmware by Sonicwall

View all CVEs affecting Nsv 270 Firmware →

Nsv 300 Firmware by Sonicwall

View all CVEs affecting Nsv 300 Firmware →

Nsv 400 Firmware by Sonicwall

View all CVEs affecting Nsv 400 Firmware →

Nsv 470 Firmware by Sonicwall

View all CVEs affecting Nsv 470 Firmware →

Nsv 50 Firmware by Sonicwall

View all CVEs affecting Nsv 50 Firmware →

Nsv 800 Firmware by Sonicwall

View all CVEs affecting Nsv 800 Firmware →

Nsv 870 Firmware by Sonicwall

View all CVEs affecting Nsv 870 Firmware →

Tz300p Firmware by Sonicwall

View all CVEs affecting Tz300p Firmware →

Tz300w Firmware by Sonicwall

View all CVEs affecting Tz300w Firmware →

Tz350 Firmware by Sonicwall

View all CVEs affecting Tz350 Firmware →

Tz350w Firmware by Sonicwall

View all CVEs affecting Tz350w Firmware →

Tz370 Firmware by Sonicwall

View all CVEs affecting Tz370 Firmware →

Tz370w Firmware by Sonicwall

View all CVEs affecting Tz370w Firmware →

Tz400 Firmware by Sonicwall

View all CVEs affecting Tz400 Firmware →

Tz400w Firmware by Sonicwall

View all CVEs affecting Tz400w Firmware →

Tz470 Firmware by Sonicwall

View all CVEs affecting Tz470 Firmware →

Tz470w Firmware by Sonicwall

View all CVEs affecting Tz470w Firmware →

Tz500 Firmware by Sonicwall

View all CVEs affecting Tz500 Firmware →

Tz500w Firmware by Sonicwall

View all CVEs affecting Tz500w Firmware →

Tz570 Firmware by Sonicwall

View all CVEs affecting Tz570 Firmware →

Tz570p Firmware by Sonicwall

View all CVEs affecting Tz570p Firmware →

Tz570w Firmware by Sonicwall

View all CVEs affecting Tz570w Firmware →

Tz600 Firmware by Sonicwall

View all CVEs affecting Tz600 Firmware →

Tz600p Firmware by Sonicwall

View all CVEs affecting Tz600p Firmware →

Tz670 Firmware by Sonicwall

View all CVEs affecting Tz670 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of HTTP services through resource exhaustion, potentially causing extended downtime for web applications and services behind the firewall.

🟠

Likely Case

Degraded HTTP performance and intermittent service disruptions affecting users accessing web resources through the firewall.

🟢

If Mitigated

Minimal impact with proper rate limiting, monitoring, and timely patching in place.

🌐 Internet-Facing: HIGH - Firewalls are typically internet-facing, making them directly accessible to attackers who can trigger the vulnerability remotely.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but external threats pose greater risk due to broader accessibility.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending HTTP requests to trigger 403 responses, which is straightforward. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SonicOS 7.0.1-5051 and later

Vendor Advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004

Restart Required: Yes

Instructions:

1. Log into SonicWall management interface. 2. Navigate to System > Settings > Firmware & Backups. 3. Download and install SonicOS 7.0.1-5051 or later. 4. Reboot the firewall after installation completes.

🔧 Temporary Workarounds

Disable Content Filtering Service

all

Temporarily disable CFS to prevent exploitation while awaiting patch

Navigate to Security Services > Content Filter > General and disable 'Enable Content Filter Service'

Implement Rate Limiting

all

Configure rate limiting on HTTP traffic to mitigate DoS impact

Configure Security Services > App Control > Settings with appropriate rate limits

🧯 If You Can't Patch

  • Implement network-level rate limiting using upstream devices
  • Monitor for abnormal 403 response patterns and block offending IPs

🔍 How to Verify

Check if Vulnerable:

Check SonicOS version in System > Status > System Information. If version is 7.0.1-5050 or earlier and CFS is enabled, system is vulnerable.

Check Version:

show version (from CLI) or check System > Status > System Information in web interface

Verify Fix Applied:

Verify SonicOS version is 7.0.1-5051 or later in System > Status > System Information.

📡 Detection & Monitoring

Log Indicators:

  • Unusually high volume of 403 HTTP responses
  • Large response size entries in firewall logs
  • Resource exhaustion alerts

Network Indicators:

  • Spike in HTTP traffic to firewall
  • Abnormal pattern of requests to trigger 403 responses

SIEM Query:

source="sonicwall" (response_code="403" AND response_size>threshold) | stats count by src_ip

📊 Metadata

CVE ID: CVE-2022-22278
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-770
Published: April 27, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-22278, you might also want to check these:

CVE-2024-44241 9.8

This vulnerability in DCP firmware allows attackers to execute arbitrary code or cause system crashe...

Same vulnerability type (CWE-770)
CVE-2025-11832 9.8

This CVE describes a resource allocation vulnerability in Azure Access Technology BLU-IC2 and BLU-IC...

Same vulnerability type (CWE-770)
CVE-2021-47875 9.8

GeoGebra CAS Calculator 6.0.631.0 contains a buffer overflow vulnerability that allows attackers to ...

Same vulnerability type (CWE-770)