

Integrated Cellular Modem Vulnerabilities Put Millions of IoT Devices at Risk
May 14, 2024
Multiple Apple macOS Sonoma Vulnerabilities
May 14, 2024
Severity
Medium
Analysis Summary
CVE-2024-22397 CVSS:4.8
SonicWall SonicOS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-22398 CVSS:4.9
SonicWall Email Security could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially crafted URL request containing "dot dot" sequences to delete arbitrary files on the system.
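As an added example (not part of the original advisory and not SonicWall code), the following Python sketch shows how a defender could scan web access logs for requests whose decoded target contains "dot dot" segments, including percent-encoded and double-encoded forms. The combined access-log format, the paths and the addresses are constructed assumptions; the advisory does not name the affected endpoint.

```python
import re
from urllib.parse import unquote

# Request portion of a common/combined access-log line (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
MAX_DECODE_ROUNDS = 3  # enough to unwrap double- and triple-encoded input

def fully_decode(target):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def has_dot_dot(target):
    """True if any path segment or parameter value is exactly '..'."""
    decoded = fully_decode(target).replace("\\", "/")
    # Split on path and query delimiters so name=../../x is covered too.
    return ".." in re.split(r"[/?&=;]", decoded)

def find_traversal_requests(lines):
    """Return (line number, client, status, decoded target) for each hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if m and has_dot_dot(m["target"]):
            hits.append((lineno, m["client"], int(m["status"]), fully_decode(m["target"])))
    return hits

# Constructed sample lines: documentation IP ranges and hypothetical paths.
SAMPLE_LOG = [
    '192.0.2.10 - alice [14/May/2024:10:00:01 +0000] "GET /reports/view?id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - bob [14/May/2024:10:02:13 +0000] "POST /files/remove?name=..%2f..%2ftmp%2fexample.txt HTTP/1.1" 200 17',
    '198.51.100.7 - bob [14/May/2024:10:02:20 +0000] "GET /files/%252e%252e/%252e%252e/example HTTP/1.1" 404 0',
    '203.0.113.5 - carol [14/May/2024:10:05:44 +0000] "GET /docs/release..notes.html HTTP/1.1" 200 900',
    '203.0.113.5 - carol [14/May/2024:10:06:02 +0000] "GET /static%5c..%5c..%5cexample HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

The status code in each hit helps triage: a flagged request that the server answered with a success status deserves review before one it rejected.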
Impact
- Cross-Site Scripting
- Obtain Information
Indicators of Compromise
CVE
- CVE-2024-22398
- CVE-2024-22397
Affected Vendors
Affected Products
- SonicWall Email Security 10.0.26.7807
- SonicWall SonicOS 7.0.1-7047
- SonicWall SonicOS 7.0.1-5145
Remediation
Refer to SonicWall Security Advisory for patch, upgrade or suggested workaround information.