What is CVE-2024-22398?

CVE-2024-22398 is a vulnerability in Sonicwall Email Security, classified under Path Traversal. Published 2024-03-14.

Is CVE-2024-22398 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Sonicwall Email Security

CVE-2024-22398

An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and de…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (45.2th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Email Security — versions 10.0.26.7807 and earlier versions

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006 (vendor-advisory)

Frequently asked questions

What is CVE-2024-22398?: CVE-2024-22398 is a vulnerability in Sonicwall Email Security, classified under Path Traversal. Published 2024-03-14.
Is CVE-2024-22398 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.