SonicWALL SOHO3 blocked URL log file script injection

Cross-site scripting XSS vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. CVE: CVE-2002-2341 Last updated: Sept. 5, 2008, 8:32 p.m...

RADIUS Protocol Forgery Vulnerability (Blast-RADIUS)

In early July 2024, a group of security researchers found a vulnerability in the RADIUS protocol:CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other...

SonicOS SSL-VPN Improper Authentication

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.This issue affects only firmware version SonicOS 7.1.1-7040. CVE: CVE-2024-22394 Last updated: Feb. 7, 2024, 4:44...

SonicWall NetExtender Pre-Logon Vulnerability

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation LPE vulnerability. SonicWall strongly advises SSL VPN NetExtender client users to...

SonicOS Host Header Redirection

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. To avoid this vulnerability, follow these steps: Upgrade the firmware to the fixed version 6.5.4.8-89n, 7.0.1-R1456 etc. and higher versions,Enab...

SonicWall Global VPN Client Privilege Escalation via Application Installer

SonicWall Global VPN Client 4.10.5 installer 32-bit and 64-bit incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts 4.10.5 installer and earlier. CVE: CVE-2021-20037 Last...

SonicWall Switch LLDP Protocol multiple Out-of-Bound read vulnerability

Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations. CVE: CVE-2021-20024 Last updated: July 8, 2021, 5:07 p.m...

SonicWall SMA100 Authenticated SQL injection

Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7484 Last updated: March 6, 2020, 4:42 a.m...

Foreshadow- L1 Terminal Fault: OS/SMM

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. CVE: CVE-2018-3620 Last updated: Aug. 1...

Foreshadow- L1 Terminal Fault: SGX

Systems with microprocessors utilizing speculative execution and Intel® software guard extensions Intel® SGX may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. CVE: CVE-2018-3615 Last...

Multiple Dell SonicWALL Products CVE-2014-8420 Multiple Remote Code Execution Vulnerabilities

The ViewPoint web application in Dell SonicWALL Global Management System GMS before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. CVE: CVE-2014-8420 Last updated: March 12, 2018, 5:...

Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the nodeid parameter. CVE: CVE-2014-5024 Last updated: March 12, 2018, 5:24 p.m...

Dell SonicWall EMail Security Appliance Multiple HTML Injection Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via 1 the uploadPatch parameter to the System/Advanced page settingsadvanced.html or 2 the uploadLicenses parameter...

SonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities

1 CVE-2026-4112 - Privilege Escalation via SQL InjectionImproper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary...

SonicWall SMA1000 SSRF Vulnerability

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.IMPORTANT: SonicWall PSIRT...

SonicWall NetExtender Windows Client Multiple Vulnerabilities

1 CVE-2025-23008 - SonicWall NetExtender Improper Privilege Management VulnerabilityAn improper privilege management vulnerability in the SonicWall NetExtender Windows 32 and 64 bit client allows a low privileged attacker to modify configurations. CVSS Score: 7.2 CVSS Vector:...

SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Affected By Multiple Vulnerabilities

1 CVE-2024-45315 - SonicWALL SMA1000 Connect Tunnel Windows Client Link Following Denial-of-Service VulnerabilityThe Improper link resolution before file access 'Link Following' vulnerability in SonicWall Connect Tunnel version 12.4.3.271 and earlier of Windows client allows users with standard...

Heap-based buffer overflow vulnerability in SonicOS IPSec VPN

Heap-based buffer overflow vulnerability in the SonicOS IPSec allows an unauthenticated remote attacker to cause Denial of Service DoS. CVE: CVE-2024-40764 Last updated: Aug. 5, 2024, 9:37 p.m...

Heap-based buffer overflow vulnerability in SonicOS SSL-VPN

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service DoS via memcpy function.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this...

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

On December 18th, 2023, researchers from the Ruhr University Bochum published a protocol flaw in the SSH v2 protocol, called Terrapin Attack. The flaw allows removing encrypted SSH messages at the begin of the communication, allowing downgrade of security aspects of SSH connections. This occurs...

SonicWall NetExtender Windows Client DLL Search Order Hijacking Vulnerability

SonicWall NetExtender Windows 32 and 64-bit client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. SonicWall strongly advises SSL VPN...

Impact of OpenSSL Possible DoS translating ASN 1 object identifiers on SonicWall Products CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notab...

SonicWall Email Security Information Discloser Vulnerability

SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. CVE: CVE-2023-0655 Last updated: Feb. 13, 2023, 9:59 p.m...

SonicWall OpenSSL Version 3.x Security Advisory

This advisory is intended to cover the following OpenSSL Vulnerabilities CVE-2022-3358 - Using a Custom Cipher with NIDundef may lead to NULL encryptionFixed in OpenSSL 3.0.6 Affected OpenSSL Versions 3.x, 3.0.0-3.0.5.More vulnerability details are available here...

SonicWall SMA100 Post-Auth Heap-based Buffer Overflow Vulnerability

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service DoS on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.IMPORTANT: SMA 1000 series...

Unauthenticated SQL Injection in SonicWall GMS and Analytics

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem. CVE: CVE-2022-22280 Last updated: Oct. 13, 2022, 7:30 p.m...

Post-Auth OS Command Injection vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions

NOTE: SonicWall PSIRT has observed threat actors targeting EOL SRA devices CVE-2021-20028, and active exploitation of this vulnerability is likely.SonicWall is aware of a ‘Post Authentication OS Command Injection’ vulnerability, reported by Compass Security, impacting end-of-life Secure Remote...

SonicWall SMA100 API username enumeration vulnerability

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability affected 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. CVE: CVE-2021-20049 Last updated: Dec. 21, 202...

SonicWall Analytics Remote Command Execution via Java Debug Wire Protocol

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol JDWP interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. CVE: CVE-2021-20032 Last updated: Aug. 10, 2021, 2:...

SonicWall Global Management System (GMS) 8.1 cross-site scripting

SonicWall Global Management System GMS 8.1 has XSS via the newName and Name values of the /sgms/TreeControl module. CVE: CVE-2018-5691 Last updated: March 12, 2018, 5:31 p.m...

Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities

The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI /cgi-bin/extensionsettings component responsible for handling some of the server's...

Dell SonicWall TotalSecure TZ 100 Series CVE-2015-7770 Denial of Service Vulnerability

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. CVE: CVE-2015-7770 Last updated: Dec. 7, 2016, 6:25 p.m...

SonicWALL Content Filtering Blocked Site Error Page Cross-Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is n...

SonicWALL Email Security Error Page Cross-Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page. CVE: CVE-2008-2162 Last updated: Aug. 8, 2017, 1:3...

SonicOS SSLVPN Pre-Auth Stack-Based Buffer Overflow Vulnerability

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made...

SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities

1 CVE-2025-40596 - Pre-Authentication Stack-Based Buffer Overflow VulnerabilityA Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service DoS or potentially results in code execution. CVSS Score: 7.3 CVSS Vecto...

SonicWall Net Extender Repair Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running the repair functionality. SonicWall strongly advises SSL VPN NetExtender client users to upgrade t...

GMS File Path Manipulation

An unauthenticated attacker can gain access to web directory containing application's binaries and configuration files through file path manipulation vulnerability. CVE: CVE-2021-20030 Last updated: Oct. 13, 2022, 9:40 a.m...

SonicWall Switch Post-Authenticated Remote Code Execution

A vulnerability in SonicWall Switch 1.1.1.0-2s and earlier allows an authenticated malicious user to perform remote code execution in the host system. CVE: CVE-2022-2323 Last updated: July 15, 2022, 4:11 p.m...

SonicOS Content Filtering Service and SNMP feature affected by multiple vulnerabilities

SonicOS is affected by the below listed multiple medium severity vulnerabilities, organizations running previous versions of SonicOS should upgrade to new firmware release versions.CVE-2022-22275 - Improper Restriction of TCP Communication Channel Potentially Resulting in DoSSeverity 5.3 Medium...

Post-Auth Arbitrary File Read vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions

NOTE: SonicWall PSIRT has continued to observe threat actors targeting EOL SRA devices i.e., CVE-2021-20028, active exploitation of this vulnerability is likely in chained attacks leveraging CVE-2021-20028.Through SonicWall PSIRT Threat Intelligence gathering, SonicWall has become aware of a ‘Pos...

SonicWall Global VPN Client DLL Search Order Hijacking

SonicWall Global VPN client version 4.10.6 32-bit and 64-bit and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.IMPORTANT: At the time of advisory, there is no evidence to suggest tha...

SonicOS vulnerability involving improper neutralization of HTTP header resulting in unauthenticated Denial of Service (DoS)

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service DoS by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.• SonicWall PSIRT is not aware of any active exploitation of...

SonicWall Email Security post-authentication arbitrary file read vulnerability

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. CVE: CVE-2021-20023 Last updated: April 20, 2021, 11:12 a.m...

SonicOS SSLVPN Stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen ...

SonicWall SMA1000 HTTP Extraweb server Denial of Service vulnerability

A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. CVE: CVE-2020-5129 Last updated: March 25, 2020, 8 p.m...

Global Management System (GMS) Unauthorized User SQL Injection

A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. CVE: CVE-2019-7478 Last updated: Dec. 30, 2019, 8 p.m...

Email Security Unauthenticated Remote Code Execution

A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. CVE: CVE-2019-7489 Last updated: Dec. 23, 2019, 8 p.m...

SonicOS Download Certificate in Admin GUI Could Cause System Instability

A vulnerability in SonicOS allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0,...

Linux Kernel Crypto Subsystem Vulnerability

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each afalgctx was freed instead of when the aeadtfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user bein...