SonicOS affected by multiple vulnerabilities

1 CVE-2026-0204 - SonicOS Improper Access Control VulnerabilityA vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.CVSS Score: 8.0CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCWE-1390:...

SonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities

1 CVE-2026-4112 - Privilege Escalation via SQL InjectionImproper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary...

SonicWall Email Security Affected By Multiple Vulnerabilities

1 CVE-2026-3468 - Stored Cross-Site Scripting XSS VulnerabilityA stored Cross-Site Scripting XSS vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker a...

SonicOS multiple post-authentication vulnerabilities

1 CVE-2026-0399 - Multiple SonicOS post-authentication Stack-based Buffer Overflow vulnerabilitiesMultiple post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.CVSS Score: 4.9 CVSS Vector:...

SonicWall SMA1000 appliance local privilege escalation vulnerability

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC. Please note that SonicWall Firewall products are not affected by this vulnerability. CVE: CVE-2025-40602 Last updated: Dec. 18, 2025, 11:34 a.m...

SonicWall Email Security Affected By Multiple Vulnerabilities

1 CVE-2025-40604 - Download of Code Without Integrity Check VulnerabilityDownload of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system...

SonicOS SSLVPN Pre-Auth Stack-Based Buffer Overflow Vulnerability

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made...

SonicWall SMA100 Potential Exposure of Sensitive Information in Log File

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.SonicWall strongly recommends that users of the SMA 100 series products SMA 210, 410, an...

SonicWall SMA100 10.2.2.2-92sv With Additional File Checking

SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices. While this is a valuable security step and a necessary measure to protect our customers, it’s equally important to clarify th...

SonicOS Use of Externally-Controlled Format String Vulnerability

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.SonicWall strongly advises users of the SonicWall firewall products to upgrade to the mentioned fixed release version to address this...

SonicWall SMA100 Post-authentication Arbitrary File Upload vulnerability

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution. SonicWall strongly recommends...

SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities

1 CVE-2025-40596 - Pre-Authentication Stack-Based Buffer Overflow VulnerabilityA Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service DoS or potentially results in code execution. CVSS Score: 7.3 CVSS Vecto...

SonicWall SMA1000 Encoded URL SSRF Vulnerability

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.IMPORTANT: SonicWall PSIRT strongly advises...

SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities

1 CVE-2025-32819 - Post-Authentication SSLVPN user arbitrary file delete vulnerabilityA vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default...

SonicWall SMA1000 SSRF Vulnerability

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.IMPORTANT: SonicWall PSIRT...

SonicOS SSLVPN NULL Pointer Dereference Denial-of-Service (DoS) Vulnerability

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service DoS condition. CVE: CVE-2025-32818 Last updated: April 23, 2025, 6:49 p.m...

SonicWall Connect Tunnel Windows Client Improper Link Resolution Vulnerability

A Improper Link Resolution vulnerability CWE-59 in the SonicWall Connect Tunnel Windows 32 and 64 bit Client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption. CVE: CVE-2025-32817 Last updated: April 16, 2025, 12:30 p.m...

SonicWall NetExtender Windows Client Multiple Vulnerabilities

1 CVE-2025-23008 - SonicWall NetExtender Improper Privilege Management VulnerabilityAn improper privilege management vulnerability in the SonicWall NetExtender Windows 32 and 64 bit client allows a low privileged attacker to modify configurations. CVSS Score: 7.2 CVSS Vector:...

SonicWall NetExtender Local Privilege Escalation via Arbitrary SYSTEM File Read

A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. CVE: CVE-2025-23007 Last updated: March 24, 2025, 5:22 a.m...

SMA1000 Pre-Authentication Remote Command Execution Vulnerability

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS...

SonicOS Affected By Multiple Vulnerabilities

1 CVE-2024-40762 - SonicOS SSLVPN Use of Cryptographically Weak Pseudo-Random Number Generator PRNG.Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting ...

SSL-VPN MFA Bypass Due to UPN and SAM Account Handling in Microsoft AD

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN User Principal Name and SAM Security Account Manager account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...

SonicOS Multiple Post-authentication Vulnerabilities

1 CVE-2024-12803 - SonicOS Post-authentication Stack-based buffer overflow vulnerabilityA post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. CVSS Score: 6.0 CVSS Vector:...

Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec

A Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.SonicWall PSIRT is not aware of active exploitation in the wild...

SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities

1 Path traversal vulnerability – attributed to publicly known Apache HTTP Server vulnerability CVE-2024-38475Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to file system locations that are permitted to be served by the server. CV...

SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Affected By Multiple Vulnerabilities

1 CVE-2024-45315 - SonicWALL SMA1000 Connect Tunnel Windows Client Link Following Denial-of-Service VulnerabilityThe Improper link resolution before file access 'Link Following' vulnerability in SonicWall Connect Tunnel version 12.4.3.271 and earlier of Windows client allows users with standard...

Common UNIX Printing System (CUPS) Vulnerabilities

Common UNIX Printing System CUPS is an open-source printing system for Linux and other UNIX-like operating systems. CUPS uses the IPP Internet Printing Protocol to allow for printing with local and network printers. By combining these vulnerabilities CVE-2024-47076, CVE-2024-47177, CVE-2024-47175...

SonicOS Improper Access Control Vulnerability

An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7...

RADIUS Protocol Forgery Vulnerability (Blast-RADIUS)

In early July 2024, a group of security researchers found a vulnerability in the RADIUS protocol:CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other...

Heap-based buffer overflow vulnerability in SonicOS IPSec VPN

Heap-based buffer overflow vulnerability in the SonicOS IPSec allows an unauthenticated remote attacker to cause Denial of Service DoS. CVE: CVE-2024-40764 Last updated: Aug. 5, 2024, 9:37 p.m...

SonicWall SMA100 NetExtender Windows Client Remote Code Execution Vulnerability

Vulnerability in SonicWall SMA100 NetExtender Windows 32 and 64-bit client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.SonicWall strongly advises SSL VPN NetExtender client users to upgrade to the latest release version...

CVE-2024-6387: regreSSHion RCE in OpenSSH Vulnerability

A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by default, 600 in old OpenSSH versions, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are n...

Heap-based buffer overflow vulnerability in SonicOS SSL-VPN

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service DoS via memcpy function.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this...

Stack-based buffer overflow vulnerability in SonicOS HTTP server

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service DoS via sscanf function.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this...

GMS ECM multiple vulnerabilities

SonicWall GMS Virtual Appliance, Windows - 9.3.4 and earlier versions are vulnerable to the following security issues.1 CVE-2024-29010 - GMS ECM Policy XML External Entity Processing Information Disclosure Vulnerability.The XML document processed in the GMS ECM endpoint is vulnerable to XML...

SonicOS SSLVPN Portal Stored Cross-site Scripting Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code. This vulnerability affects only SonicOS Gen7 firmware 7.0.1-5145,...

Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec

A Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.SonicWall PSIRT is not aware of active exploitation in the wild...

SMA100 MFA Improper Access Control Vulnerability

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.There is no evidence that these vulnerabilities are being...

SonicOS SSL-VPN Improper Authentication

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.This issue affects only firmware version SonicOS 7.1.1-7040. CVE: CVE-2024-22394 Last updated: Feb. 7, 2024, 4:44...

SFPMonitor.sys KOOB Write vulnerability

SonicWall Capture Client version 3.7.10 and NetExtender Client Windows client 10.2.337 and earlier versions are being installed with sfpmonitor.sys driver. The client applications communicate with the driver through queries. The driver method that handles those queries has Stack-based Buffer...

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

On December 18th, 2023, researchers from the Ruhr University Bochum published a protocol flaw in the SSH v2 protocol, called Terrapin Attack. The flaw allows removing encrypted SSH messages at the begin of the communication, allowing downgrade of security aspects of SSH connections. This occurs...

SonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple Vulnerabilities

1 CVE-2023-44221 - Post Authentication OS Command Injection VulnerabilityImproper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading...

TunnelCrack Vulnerabilities

SonicWall PSIRT is aware of a research publication that outlines a series of attacks known as 'TunnelCrack' vulnerabilities. These attacks occur when VPN client traffic leaks outside of the secure VPN tunnel, typically happening when clients connect to untrusted networks, like rogue Wi-Fi access...

SonicWall SSO Agent - Directory Services Connector MSI Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. SonicWall strongly advises SonicWall SSO Agent Directory Services...

SonicWall NetExtender Windows Client DLL Search Order Hijacking Vulnerability

SonicWall NetExtender Windows 32 and 64-bit client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. SonicWall strongly advises SSL VPN...

SonicOS affected by multiple vulnerabilities

The SonicOS Management web interface and SSLVPN portal have been impacted by several vulnerabilities, which are listed below. SonicWall strongly advises organizations using earlier versions of SonicOS firmware to upgrade to the latest firmware releases.Note: It's important to note that the...

SonicWall NetExtender Pre-Logon Vulnerability

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation LPE vulnerability. SonicWall strongly advises SSL VPN NetExtender client users to...

SonicWall Net Extender Repair Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running the repair functionality. SonicWall strongly advises SSL VPN NetExtender client users to upgrade t...

SonicWall GMS and Analytics affected by multiple vulnerabilities

SonicWall GMS and Analytics products are affected by critical, high, and medium severity vulnerabilities. While it is important to note that there is currently no evidence of exploitation, SonicWall strongly recommends that organizations running older versions of GMS and Analytics builds upgrade ...

Impact of OpenSSL Possible DoS translating ASN 1 object identifiers on SonicWall Products CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notab...