CVE-2022-22278

Name: CVE-2022-22278
Creator: NVD / NIST
Published: 2022-04-27T17:15:07.453+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.88%

Last modified Jun 17, 2026

CVE-2022-22278 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack. EPSS estimates a 0.88% chance of exploitation in the next 30 days.

Description

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.88%

54.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Sonicwall	Tz300p Firmware	< 7.0.1
Sonicwall	Tz300w Firmware	< 7.0.1
Sonicwall	Tz350 Firmware	< 7.0.1
Sonicwall	Tz350w Firmware	< 7.0.1
Sonicwall	Nssp 10700 Firmware	< 7.0.1.0
Sonicwall	Nssp 11700 Firmware	< 7.0.1.0
Sonicwall	Nssp 12400 Firmware	< 7.0.1.0
Sonicwall	Nssp 12800 Firmware	< 7.0.1.0
Sonicwall	Nssp 13700 Firmware	< 7.0.1.0
Sonicwall	Nssp 15700 Firmware	< 7.0.1.0
Sonicwall	Tz370 Firmware	< 7.0.1
Sonicwall	Tz370w Firmware	< 7.0.1
Sonicwall	Tz400 Firmware	< 7.0.1
Sonicwall	Nsv 10 Firmware	< 7.0.1.0
Sonicwall	Nsv 100 Firmware	< 7.0.1.0
Sonicwall	Nsv 1600 Firmware	< 7.0.1.0
Sonicwall	Nsv 200 Firmware	< 7.0.1.0
Sonicwall	Nsv 25 Firmware	< 7.0.1.0
Sonicwall	Nsv 270 Firmware	< 7.0.1.0
Sonicwall	Nsv 300 Firmware	< 7.0.1.0
Sonicwall	Nsv 400 Firmware	< 7.0.1.0
Sonicwall	Nsv 470 Firmware	< 7.0.1.0
Sonicwall	Nsv 50 Firmware	< 7.0.1.0
Sonicwall	Nsv 800 Firmware	< 7.0.1.0
Sonicwall	Nsv 870 Firmware	< 7.0.1.0
Sonicwall	Tz400w Firmware	< 7.0.1
Sonicwall	Tz470 Firmware	< 7.0.1
Sonicwall	Tz470w Firmware	< 7.0.1
Sonicwall	Tz500 Firmware	< 7.0.1
Sonicwall	Nsa 2650 Firmware	< 7.0.1
Sonicwall	Nsa 2700 Firmware	< 7.0.1
Sonicwall	Nsa 3650 Firmware	< 7.0.1
Sonicwall	Nsa 3700 Firmware	< 7.0.1
Sonicwall	Nsa 4650 Firmware	< 7.0.1
Sonicwall	Nsa 4700 Firmware	< 7.0.1
Sonicwall	Nsa 5650 Firmware	< 7.0.1
Sonicwall	Nsa 5700 Firmware	< 7.0.1
Sonicwall	Nsa 6650 Firmware	< 7.0.1
Sonicwall	Nsa 6700 Firmware	< 7.0.1
Sonicwall	Nsa 9250 Firmware	< 7.0.1
Sonicwall	Nsa 9450 Firmware	< 7.0.1
Sonicwall	Nsa 9650 Firmware	< 7.0.1
Sonicwall	Tz500w Firmware	< 7.0.1
Sonicwall	Tz570 Firmware	< 7.0.1
Sonicwall	Tz570p Firmware	< 7.0.1
Sonicwall	Tz570w Firmware	< 7.0.1
Sonicwall	Tz600 Firmware	< 7.0.1
Sonicwall	Tz600p Firmware	< 7.0.1
Sonicwall	Tz670 Firmware	< 7.0.1

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004Vendor Advisory

Timeline

Published: Apr 27, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-22278?

How severe is CVE-2022-22278?

CVE-2022-22278 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.88% probability of exploitation in the next 30 days.

How do I fix CVE-2022-22278?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-22278?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST