202 matches found
Dell SonicWall NetExtender CVE-2015-4173 Remote Privilege Escalation Vulnerability
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE%...
CVE-2022-42889 Text4shell Apache Commons Text RCE Vulnerability
This advisory will cover the CVE-2022-42889 - Text4shell Apache Commons Text RCE Vulnerability. SonicWall Product Appliance/Cloud/Virtual/OnPrem p class="MsoNormal" align="center" style="margin-bottom:0in;text-align:center; line-height:normal;mso-element:frame;mso-element-frame-hspace:9.0pt;...
Several pre-auth vulnerability in enterprise SSL VPN
Critical vulnerabilities in enterprise virtual private network VPN solutions from Palo Alto Networks, Fortinet and Pulse Secure allow attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications, researchers warn SonicWall products are not vulnerable t...
SonicWall SMA1000 Encoded URL SSRF Vulnerability
A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.IMPORTANT: SonicWall PSIRT strongly advises...
SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities
1 Path traversal vulnerability – attributed to publicly known Apache HTTP Server vulnerability CVE-2024-38475Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to file system locations that are permitted to be served by the server. CV...
SonicOS multiple post-authentication vulnerabilities
1 CVE-2026-0399 - Multiple SonicOS post-authentication Stack-based Buffer Overflow vulnerabilitiesMultiple post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.CVSS Score: 4.9 CVSS Vector:...
SonicOS Content Filtering Service and SNMP feature affected by multiple vulnerabilities
SonicOS is affected by the below listed multiple medium severity vulnerabilities, organizations running previous versions of SonicOS should upgrade to new firmware release versions.CVE-2022-22275 - Improper Restriction of TCP Communication Channel Potentially Resulting in DoSSeverity 5.3 Medium...
SonicWall Global Management System (GMS) 8.1 cross-site scripting
SonicWall Global Management System GMS 8.1 has XSS via the newName and Name values of the /sgms/TreeControl module. CVE: CVE-2018-5691 Last updated: March 12, 2018, 5:31 p.m...
Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec
A Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.SonicWall PSIRT is not aware of active exploitation in the wild...
SonicOS vulnerability involving improper neutralization of HTTP header resulting in unauthenticated Denial of Service (DoS)
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service DoS by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.• SonicWall PSIRT is not aware of any active exploitation of...
SMA1000 Pre-Authentication Remote Command Execution Vulnerability
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS...
SonicWall Email Security Information Discloser Vulnerability
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. CVE: CVE-2023-0655 Last updated: Feb. 13, 2023, 9:59 p.m...
SonicOS affected by multiple vulnerabilities
The SonicOS Management web interface and SSLVPN portal have been impacted by several vulnerabilities, which are listed below. SonicWall strongly advises organizations using earlier versions of SonicOS firmware to upgrade to the latest firmware releases.Note: It's important to note that the...
SonicWall SMA100 Authenticated Buffer Overflow
Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7485 Last updated: March 6, 2020, 4:42 a.m...
SonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple Vulnerabilities
1 CVE-2023-44221 - Post Authentication OS Command Injection VulnerabilityImproper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading...
SonicWall Analytics Remote Command Execution via Java Debug Wire Protocol
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol JDWP interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. CVE: CVE-2021-20032 Last updated: Aug. 10, 2021, 2:...
SonicOS Unauthenticated Stack-Based Buffer Overflow Vulnerability
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and...
SonicOS SSLVPN allows unauthenticated attacker to brute force Virtual Assist ticket ID
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5141 Last...
SFPMonitor.sys KOOB Write vulnerability
SonicWall Capture Client version 3.7.10 and NetExtender Client Windows client 10.2.337 and earlier versions are being installed with sfpmonitor.sys driver. The client applications communicate with the driver through queries. The driver method that handles those queries has Stack-based Buffer...
SonicWall SMA100 post-authenticated remote command injection
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20017 Last updated: March 13, 2021, 1:04 a.m...
SonicOS SSLVPN NACAgent 3.5 windows binary is vulnerable to Unquoted Service Path Privilege Escalation vulnerability
Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. CVE: CVE-2019-7487 Last updated: Dec. 18, 2019, 10:11 p.m...
Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI /cgi-bin/viewcert component responsible for processing SSL certificate information. The CGI...
Email Security Weak Default Credential
Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance up to 10.0.2, 9.2.3 and earlier. CVE: CVE-2019-7488 Last updated: Dec. 23, 2019, 8 p.m...
Multiple Dell SonicWALL Products Multiple Remote Code Execution Vulnerabilities
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. CVE: CVE-2016-2397 Last updated: March 12, 2018, 5:31 p.m...
Dell SonicWALL NSA 2400 'stats/dashboard.jsp' Cross Site Scripting Vulnerability
Cross-site scripting XSS vulnerability in the Dashboard Backend service stats/dashboard.jsp in SonicWall Network Security Appliance NSA 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. CVE: CVE-2014-2589 Last updated: March 12, 2018, 4:19 p.m...
SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via 1 the URL or 2 the user login name, which is not filtered when the administrator views the log file. CVE: CVE-2005-1006 Last updated: July 11, 2017, 1:32 a...
CVE-2024-6387: regreSSHion RCE in OpenSSH Vulnerability
A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by default, 600 in old OpenSSH versions, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are n...
Post-Auth OS Command Injection vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions
NOTE: SonicWall PSIRT has observed threat actors targeting EOL SRA devices CVE-2021-20028, and active exploitation of this vulnerability is likely.SonicWall is aware of a ‘Post Authentication OS Command Injection’ vulnerability, reported by Compass Security, impacting end-of-life Secure Remote...
SonicOS SSLVPN Pre-Auth Stack-Based Buffer Overflow Vulnerability
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made...
SonicWall SMA100 NetExtender Windows Client Remote Code Execution Vulnerability
Vulnerability in SonicWall SMA100 NetExtender Windows 32 and 64-bit client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.SonicWall strongly advises SSL VPN NetExtender client users to upgrade to the latest release version...
Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability
Cross-site scripting XSS vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the nodeid parameter. CVE: CVE-2014-5024 Last updated: March 12, 2018, 5:24 p.m...
SonicWall GMS and Analytics affected by multiple vulnerabilities
SonicWall GMS and Analytics products are affected by critical, high, and medium severity vulnerabilities. While it is important to note that there is currently no evidence of exploitation, SonicWall strongly recommends that organizations running older versions of GMS and Analytics builds upgrade ...
SonicWall Global VPN client version 4.10.4.0314 and earlier allows privilege elevation through loaded process hijacking vulnerability
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. CVE: CVE-2020-5144 Last updated: Oct. 28, 2020, 9:31 a.m...
SonicWall SMA100 Pre-authentication stack buffer overflow
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7482 Last updated: March 6, 2020, 4:42 a.m...
Administrators without full permissions can download imported certificates
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Ge...
SonicOS affected by multiple vulnerabilities
1 CVE-2026-0204 - SonicOS Improper Access Control VulnerabilityA vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.CVSS Score: 8.0CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCWE-1390:...
SonicWall NetExtender Local Privilege Escalation via Arbitrary SYSTEM File Read
A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. CVE: CVE-2025-23007 Last updated: March 24, 2025, 5:22 a.m...
SonicWall SMA1000 CVE-2021-33909 and CVE-2022-0847
This advisory is intended to address Linux Kernel vulnerability CVE-2021-33909 and CVE-2022-0847 in the SonicWall SMA1000 platform.SonicWall has performed a comprehensive analysis of the SMA1000 platform that resulted in no observable attack vectors for CVE-2021-33909 and CVE-2022-0847. To remove...
SonicOS Content-Length HTTP Header Stack Overflow Vulnerability
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service DoS and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE:...
NAT Slipstreaming (CVE-2020-28041)
SonicWall Firewalls are not vulnerable to the NAT Slipstreaming attack.SonicWall Firewall does not open an alternative port set in the SIP packet header, results in an invalid connection, and packets are dropped. CVE: CVE-2020-28041 Last updated: Dec. 15, 2020, 9:41 p.m...
SonicWALL PRO HTTP POST request denial of service
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service device reset via a long HTTP POST to the internal interface, possibly due to a buffer overflow. CVE: CVE-2003-1490 Last updated: July 29, 2017, 1:29 a.m...
SonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities
1 CVE-2026-4112 - Privilege Escalation via SQL InjectionImproper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary...
SonicOS Affected By Multiple Vulnerabilities
1 CVE-2024-40762 - SonicOS SSLVPN Use of Cryptographically Weak Pseudo-Random Number Generator PRNG.Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting ...
SMA100 MFA Improper Access Control Vulnerability
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.There is no evidence that these vulnerabilities are being...
SonicWall SMA100 Pre-Authentication SQL Injection
Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7481 Last updated: March 6, 2020, 4:42 a.m...
Apache Struts Remote Code Execution Vulnerability
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, i...
SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities
1 CVE-2025-32819 - Post-Authentication SSLVPN user arbitrary file delete vulnerabilityA vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default...
SonicWall Hosted Email Security Capture ATP Bypass
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. CVE: CVE-2022-2324 Last updated: July 14, 2022, 6:43 p.m...
SonicWall Global VPN Client DLL Search Order Hijacking
SonicWall Global VPN client version 4.10.6 32-bit and 64-bit and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.IMPORTANT: At the time of advisory, there is no evidence to suggest tha...
Multiple Dell SonicWALL Products CVE-2015-3990 Remote Code Execution Vulnerability
The GMS ViewPoint GMSVP web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. CVE: CVE-2015-3990 Last updated: March 13, 2018, 8:25 p.m...