CVE-2024-22398

Description

An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected products

SonicWall / Email Security10.0.26.7807 and earlier versions – 10.0.26.7807 and earlier versions

References

VENDOR_ADVISORYhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006