335 matches found
SonicWall SonicOS Improper Access Control (SNWLID-2024-0015)
According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected by an improper access control vulnerability: - An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially...
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10...
The vulnerability of the `sslvpn_config_mod` function in the `/vpn/vpn_template_style.php` file of the web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 software is exploited by attackers to execute arbitrary commands.
The vulnerability of the sslvpn_config_mod function in the /vpn/vpn_template_style.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 routers is related to the failure to eliminate special elements used in commands when processing the template and stylenum parameters. Exploiting th...
CVE-2024-7469
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum lea...
CVE-2024-7469 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_vpn_web_custom.php sslvpn_config_mod os command injection
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum lea...
CVE-2024-7467
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...
CVE-2024-7468 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_service_manage.php sslvpn_config_mod os command injection
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpn_config_mod of the file /vpn/list_service_manage.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...
CVE-2024-7467 Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_ip_network.php sslvpn_config_mod os command injection
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...
PT-2024-5396 · Raisecom · Raisecom Msg2200 +3
Name of the Vulnerable Software and Affected Versions: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 version 3.90. Description: The issue is related to the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php in the web interface of the affected devices. It is caused by the failur...
CVE-2024-22397
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code...
CVE-2024-22397
This CVE affects SonicOS SSLVPN Portal (SonicWall) and is a Stored Cross-Site Scripting flaw. Root cause: improper neutralization of input during web page generation. Impact: an authenticated remote attacker with firewall admin privileges can store and execute arbitrary JavaScript in the context ...
Vulnerabilities fixed in Fortinet FortiOS and FortiProxy
Fortinet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary code, gain access to sensitive data or to elevate privileges. The vulnerability with reference CVE-2024-23112 applies to FortiOS and FortiProxy SSLVPN, and allows...
SonicOS SSLVPN Portal Stored Cross-site Scripting Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code. This vulnerability affects only SonicOS Gen7 firmware 7.0.1-5145,...
The vulnerability of the SSLVPN service on FortiOS operating systems allows a perpetrator to execute arbitrary code or commands.
The vulnerability of the SSLVPN service on FortiOS operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands by sending specially crafted HTTP requests...
SonicWall SonicOS Multiple Vulnerabilities (SNWLID-2023-0012)
According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected by multiple vulnerabilities with impact to SonicOS Management Web Interface and SSLVPN Portal, but not SonicWall SSLVPN SMA100 and SMA1000 series products. These vulnerabilities...
Exploit for Stack-based Buffer Overflow in Sonicwall Sonicos
SonicWall NGFW CVE-2022-22274 & CVE-2023-0656...
Fortinet FortiOS Access Control Error Vulnerability (CNVD-2023-98189)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, web content filtering, anti-spam and other security features. An Access Control Error...
SSLVPN error "Websocket connection failed: Connection closed before receiving a handshake responser"
After a VPN tunnel is established to the NetScaler Gateway, the user encounters access issues to the backend server with the error message: "Websocket connection to 'ws:///ws/notification/site-msg/' failed: Connection closed before receiving a handshake responser"...