Vulnerability in Sonicwall Sma1000

CVE-2022-1701

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

EPSS: 0.001 (32.0th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma1000 — versions 12.4.0, 12.4.1

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

Public proof-of-concept exploits

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-1701?: CVE-2022-1701 is a vulnerability in Sonicwall Sma1000, classified under Use of Hard-coded Cryptographic Key. Published 2022-05-13.
Is CVE-2022-1701 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.