CVE-2022-42889 - any SNWL products affected?

BWC · October 2022

It's exceptional silent about this current CVE-2022-42889 which has a nice score of 9.8.

Is any SNWL product, which heavily relies on Java, affected? Possible candidates are Email Security, SMA 1000 series, GMS and probably NSM and Analytics as well?

@Ena @Micah do you have any insights?

--Michael@BWC

TKWITS · October 2022

@KaranM @fmadia

BWC · October 2022

@TKWITS as usual, radio silence. I know PSIRT yada yada yada, but at least Partners should be informed properly first to assess the Situation.

commons-text is listed over here, so my guess is that it is still used or was used before.

https://www.sonicwall.com/legal/third-party-licenses/

--Michael@BWC

Ajishlal · October 2022

As usual silence 😏

Micah · October 2022

Hi All,

SonicWall's Product Security Incident Response Team (PSIRT) recently published the following: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0022

Kind Regards,

BWC · October 2022

Thanks @Micah it's a relief to see that the public facing services like Email Security and SMA 1000 are not impacted, hopefully that will not change later on.

--Michael@BWC

Join the Conversation

CVE-2022-42889 - any SNWL products affected?

Comments