CVE-2024-36504

An out-of-bounds read vulnerability CWE-125 in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL...

Fortinet Fortigate SSLVPN DOS (FG-IR-23-473)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-473 advisory. - An out-of-bounds read vulnerability CWE-125 in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 throu...

PT-2025-2453 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS SSLVPN web portal versions 6.4 through 7.0, versions 7.2.0 through 7.2.8, and versions 7.4.0 through 7.4.4 Description: The issue is related to an out-of-bounds read vulnerability that may allow an authenticated attacker to perform a...

CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication...

CVE-2024-40762

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass...

CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication...

CVE-2024-53704

CVE-2024-53704 affects SonicWall SonicOS SSLVPN. An improper authentication vulnerability in the SSLVPN authentication mechanism allows remote attackers to bypass authentication and hijack active VPN sessions. Affected versions include SonicOS SSLVPN 7.1.1-7040 before 7.1.3-7015 and 7.1.2-7019. P...

CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication...

CVE-2024-40762

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass...

CVE-2024-40762

Summary of CVE-2024-40762 ( SonicWall SonicOS ) : The SonicOS SSLVPN component uses a cryptographically weak PRNG to generate authentication tokens, which in some cases can be predicted and lead to authentication bypass. The SonicWall PSIRT SNWLID-2025-0003 confirms this CVE among multiple vulner...

CVE-2024-40762

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass...

SonicWALL SSLVPN 安全漏洞

SonicWALL SSLVPN is a transparent software application for Windows and Linux users from SonicWALL USA, Inc. Enables remote users to securely connect to the corporate network. A security vulnerability exists in SonicWALL SSLVPN that stems from improper authentication...

CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. Recent assessments: remmons-r7 at January 28, 2025 3:26pm UTC reported: On January 7, 2025, SonicWall announced an authentication bypass affecting SonicOS, the...

CVE-2024-53703

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions modhttprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution...

CVE-2024-45319

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication...

CVE-2024-53702

Use of cryptographically weak pseudo-random number generator PRNG vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...

CVE-2024-45318

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution...

CVE-2024-45318

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution...

CVE-2024-40763

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution...

CVE-2024-53703

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions modhttprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution...