Dell SonicWall NetExtender CVE-2015-4173 Remote Privilege Escalation Vulnerability

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE%...

CVE-2022-42889 Text4shell Apache Commons Text RCE Vulnerability

This advisory will cover the CVE-2022-42889 - Text4shell Apache Commons Text RCE Vulnerability. SonicWall Product Appliance/Cloud/Virtual/OnPrem p class="MsoNormal" align="center" style="margin-bottom:0in;text-align:center; line-height:normal;mso-element:frame;mso-element-frame-hspace:9.0pt;...

SMA1000 Pre-Authentication Remote Command Execution Vulnerability

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS...

SonicOS affected by multiple vulnerabilities

The SonicOS Management web interface and SSLVPN portal have been impacted by several vulnerabilities, which are listed below. SonicWall strongly advises organizations using earlier versions of SonicOS firmware to upgrade to the latest firmware releases.Note: It's important to note that the...

SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities

1 Path traversal vulnerability – attributed to publicly known Apache HTTP Server vulnerability CVE-2024-38475Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to file system locations that are permitted to be served by the server. CV...

CVE-2024-6387: regreSSHion RCE in OpenSSH Vulnerability

A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by default, 600 in old OpenSSH versions, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are n...

SonicWall NetExtender Local Privilege Escalation via Arbitrary SYSTEM File Read

A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. CVE: CVE-2025-23007 Last updated: March 24, 2025, 5:22 a.m...

SonicWall SMA100 NetExtender Windows Client Remote Code Execution Vulnerability

Vulnerability in SonicWall SMA100 NetExtender Windows 32 and 64-bit client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.SonicWall strongly advises SSL VPN NetExtender client users to upgrade to the latest release version...

SonicWall SMA1000 CVE-2021-33909 and CVE-2022-0847

This advisory is intended to address Linux Kernel vulnerability CVE-2021-33909 and CVE-2022-0847 in the SonicWall SMA1000 platform.SonicWall has performed a comprehensive analysis of the SMA1000 platform that resulted in no observable attack vectors for CVE-2021-33909 and CVE-2022-0847. To remove...

Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service DoS or potentially results in code execution in the firewall.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have be...

SonicOS SSLVPN NULL Pointer Dereference Denial-of-Service (DoS) Vulnerability

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service DoS condition. CVE: CVE-2025-32818 Last updated: April 23, 2025, 6:49 p.m...

SonicWall Connect Tunnel Windows Client Improper Link Resolution Vulnerability

A Improper Link Resolution vulnerability CWE-59 in the SonicWall Connect Tunnel Windows 32 and 64 bit Client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption. CVE: CVE-2025-32817 Last updated: April 16, 2025, 12:30 p.m...

SonicOS Affected By Multiple Vulnerabilities

1 CVE-2024-40762 - SonicOS SSLVPN Use of Cryptographically Weak Pseudo-Random Number Generator PRNG.Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting ...

SonicWall Email Security pre-authentication administrative account creation vulnerability

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. CVE: CVE-2021-20021 Last updated: April 9, 2021, 5:12 p.m...

Confirmed Zero-day vulnerability in the SonicWall SMA100 build version 10.x

A vulnerability resulting in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product allows remote exploitation for credential access by an unauthenticated attacker. This vulnerability impacts SMA100 build version 10.x. CVE: CVE-2021-20016 Last updated: Feb. 3, 2021, 9:11 p.m...

SonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple Vulnerabilities

1 CVE-2023-44221 - Post Authentication OS Command Injection VulnerabilityImproper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading...

SonicOS multiple post-authentication vulnerabilities

1 CVE-2026-0399 - Multiple SonicOS post-authentication Stack-based Buffer Overflow vulnerabilitiesMultiple post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.CVSS Score: 4.9 CVSS Vector:...

SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities

1 CVE-2025-32819 - Post-Authentication SSLVPN user arbitrary file delete vulnerabilityA vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default...

Spring Remote Code Execution: CVE-2022-22963 and CVE-2022-22965

SonicWall PSIRT is tracking two critical vulnerabilities impacting the Spring Framework. This advisory is intended to address both. 1CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring ExpressionIn Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported...

SonicOS Unauthenticated Stack-Based Buffer Overflow Vulnerability

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and...

SonicWall patches multiple SMA100 affected vulnerabilities

SonicWall has verified and patched vulnerabilities of critical and medium severity CVSS 5.3-9.8 in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities.SonicWall...

SFPMonitor.sys KOOB Write vulnerability

SonicWall Capture Client version 3.7.10 and NetExtender Client Windows client 10.2.337 and earlier versions are being installed with sfpmonitor.sys driver. The client applications communicate with the driver through queries. The driver method that handles those queries has Stack-based Buffer...

SMA100 Improper Access Control Vulnerability allowed restricted management APIs accessible

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.IMPORTANT: There is no evidence that these vulnerabilities are being exploited in the wild. CVE:...

Unauthenticated SMA100 arbitrary file delete vulnerability

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. CVE: CVE-2021-20034 Last updated: Sept. 23, 2021, 9:24 p.m...

SonicWall 802.11 Frame Aggregation and Fragmentation Vulnerabilities (FragAttacks)

Vulnerabilities in IEEE 802.11 implementation were found. These vulnerabilities could allow an attacker to inject malicious frames into legitimate WiFi traffic. The discovered vulnerabilities affect all modern security protocols of WiFi, including the latest WPA3. Successful exploitation of these...

SonicWall Email Security post-authentication arbitrary file creation vulnerability

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. CVE: CVE-2021-20022 Last updated: April 9, 2021, 10:03 p.m...

SonicOS SSLVPN login page administrator username enumeration vulnerability

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, and SonicOSv 6.5.4.v...

SonicWall SMA100 Pre-Authentication SQL Injection

Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7481 Last updated: March 6, 2020, 4:42 a.m...

Several pre-auth vulnerability in enterprise SSL VPN

Critical vulnerabilities in enterprise virtual private network VPN solutions from Palo Alto Networks, Fortinet and Pulse Secure allow attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications, researchers warn SonicWall products are not vulnerable t...

vulnerability at mysonicwall.com that leads to Remote Code Execution (RCE)

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. CVE: CVE-2017-11317 Last updated: July 9, 2018, midnight...

Common UNIX Printing System (CUPS) Vulnerabilities

Common UNIX Printing System CUPS is an open-source printing system for Linux and other UNIX-like operating systems. CUPS uses the IPP Internet Printing Protocol to allow for printing with local and network printers. By combining these vulnerabilities CVE-2024-47076, CVE-2024-47177, CVE-2024-47175...

TunnelCrack Vulnerabilities

SonicWall PSIRT is aware of a research publication that outlines a series of attacks known as 'TunnelCrack' vulnerabilities. These attacks occur when VPN client traffic leaks outside of the secure VPN tunnel, typically happening when clients connect to untrusted networks, like rogue Wi-Fi access...

SonicWall GMS and Analytics affected by multiple vulnerabilities

SonicWall GMS and Analytics products are affected by critical, high, and medium severity vulnerabilities. While it is important to note that there is currently no evidence of exploitation, SonicWall strongly recommends that organizations running older versions of GMS and Analytics builds upgrade ...

SonicWall Hosted Email Security Capture ATP Bypass

Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. CVE: CVE-2022-2324 Last updated: July 14, 2022, 6:43 p.m...

JMSAppender - Log4j 1.2 Vulnerability CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

Apache Struts Remote Code Execution Vulnerability

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, i...

SonicWall GMS XML-RPC Remote Code Execution Vulnerability

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System GMS virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. CVE: CVE-2018-9866 Last updated: Aug. 3, 201...

SSL-VPN MFA Bypass Due to UPN and SAM Account Handling in Microsoft AD

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN User Principal Name and SAM Security Account Manager account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...

GMS ECM multiple vulnerabilities

SonicWall GMS Virtual Appliance, Windows - 9.3.4 and earlier versions are vulnerable to the following security issues.1 CVE-2024-29010 - GMS ECM Policy XML External Entity Processing Information Disclosure Vulnerability.The XML document processed in the GMS ECM endpoint is vulnerable to XML...

Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Framing Frames)

Vulnerability in IEEE 802.11 implementation is found. A malicious insider can intercept traffic at the MAC layer by disconnecting a victim and connecting to the network using the victim’s MAC address and the attacker’s credentials even if clients are prevented from communicating with each other...

SMA100 post-authentication Remote Command Execution vulnerability

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Command as a 'root' user which potentially leads to remote command execution vulnerability or denial of service DoS attack.IMPORTANT: SMA 100...

SonicWall Global VPN Client DLL Search Order Hijacking via Application Installer

SonicWall Global VPN Client 4.10.7 installer 32-bit and 64-bit and earlier have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. CVE: CVE-2021-20051 Last updated: Apr...

SonicOS Host Header Redirection

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. To avoid this vulnerability, follow these steps: Upgrade the firmware to the fixed version 6.5.4.8-89n, 7.0.1-R1456 etc. and higher versions,Enab...

SonicWall Global VPN Client Privilege Escalation via Application Installer

SonicWall Global VPN Client 4.10.5 installer 32-bit and 64-bit incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts 4.10.5 installer and earlier. CVE: CVE-2021-20037 Last...

SonicWall Switch LLDP Protocol multiple Out-of-Bound read vulnerability

Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. CVE: CVE-2021-20024 Last updated: July 8, 2021, 5:07 p.m...

Buffer Overflow in HTTP Request Header Leads to Partial Memory Leak

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted unauthenticated HTTP request. This can potentially lead to an internal sensitive data disclosure vulnerability. CVE: CVE-2021-20019 Last updated: Sept. 1, 2021, 10:17 p.m...

Foreshadow- L1 Terminal Fault: SGX

Systems with microprocessors utilizing speculative execution and Intel® software guard extensions Intel® SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. CVE: CVE-2018-3615 Last...

Rogue System Register Read (RSRE) – also known as Variant 3a

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read RSRE, Variant 3a. CVE:...

SonicWall SMA1000 SSRF Vulnerability

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.IMPORTANT: SonicWall PSIRT...

SonicOS SSL-VPN Improper Authentication

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.This issue affects only firmware version SonicOS 7.1.1-7040. CVE: CVE-2024-22394 Last updated: Feb. 7, 2024, 4:44...