201 matches found
SonicWall Net Extender Repair Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running the repair functionality. SonicWall strongly advises SSL VPN NetExtender client users to upgrade t...
GMS File Path Manipulation
An unauthenticated attacker can gain access to web directory containing application's binaries and configuration files through file path manipulation vulnerability. CVE: CVE-2021-20030 Last updated: Oct. 13, 2022, 9:40 a.m...
SonicOS Content Filtering Service and SNMP feature affected by multiple vulnerabilities
SonicOS is affected by the below listed multiple medium severity vulnerabilities, organizations running previous versions of SonicOS should upgrade to new firmware release versions.CVE-2022-22275 - Improper Restriction of TCP Communication Channel Potentially Resulting in DoSSeverity 5.3 Medium...
Post-Auth Arbitrary File Read vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions
NOTE: SonicWall PSIRT has continued to observe threat actors targeting EOL SRA devices i.e., CVE-2021-20028, active exploitation of this vulnerability is likely in chained attacks leveraging CVE-2021-20028.Through SonicWall PSIRT Threat Intelligence gathering, SonicWall has become aware of a ‘Pos...
SonicWall Global VPN Client DLL Search Order Hijacking
SonicWall Global VPN client version 4.10.6 32-bit and 64-bit and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.IMPORTANT: At the time of advisory, there is no evidence to suggest tha...
OpenSSL CVE-2021-3449 and CVE-2021-3450 vulnerabilities affected certain SonicWall Products
Certain SonicWall products highlighted below are affected by the OpenSSL CVE-2021-3449 and CVE-2021-3450 vulnerability. Product Affected Versions p class="MsoNormal" style="margin-bottom:0in;line-...
SonicOS vulnerability involving improper neutralization of HTTP header resulting in unauthenticated Denial of Service (DoS)
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service DoS by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.• SonicWall PSIRT is not aware of any active exploitation of...
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading DLL hijacking vulnerability. Successful exploitation could lead to remote code execution in the target system. CVE: CVE-2020-5145 Last updated: Oct. 28, 2020, 9:39 a.m...
SonicWall Global VPN client version 4.10.4.0314 and earlier allows privilege elevation through loaded process hijacking vulnerability
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. CVE: CVE-2020-5144 Last updated: Oct. 28, 2020, 9:31 a.m...
SonicOS SSLVPN Stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen ...
SonicWall SMA1000 HTTP Extraweb server Denial of Service vulnerability
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. CVE: CVE-2020-5129 Last updated: March 25, 2020, 8 p.m...
Global Management System (GMS) Unauthorized User SQL Injection
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. CVE: CVE-2019-7478 Last updated: Dec. 30, 2019, 8 p.m...
Email Security Unauthenticated Remote Code Execution
A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. CVE: CVE-2019-7489 Last updated: Dec. 23, 2019, 8 p.m...
Linux Kernel Crypto Subsystem Vulnerability
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each afalgctx was freed instead of when the aeadtfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user bein...
Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI /cgi-bin/diagnostics component responsible for emailing out information about the...
Multiple Dell SonicWALL Products CVE-2015-3990 Remote Code Execution Vulnerability
The GMS ViewPoint GMSVP web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. CVE: CVE-2015-3990 Last updated: March 13, 2018, 8:25 p.m...
Dell SonicWALL Scrutinizer 'q' Parameter SQL Injection Vulnerability
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. CVE: CVE-2012-2962 Last updated: March 12, 2018, 5:21 p.m...
SonicWALL Firmware CVE-2003-1320 Denial-Of-Service Vulnerability
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange IKE response packets, possibly including 1 a large Security Parameter Index SPI field, 2 a large number of payloads, or 3 a long payload. CV...
SonicWALL SOHO Firewall Predictable TCP Initial Sequence Number Vulnerability
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. CVE: CVE-2001-1104 Last updated: Sept. 5, 2008, 8:25 p.m...
SonicWall Email Security Affected By Multiple Vulnerabilities
1 CVE-2026-3468 - Stored Cross-Site Scripting XSS VulnerabilityA stored Cross-Site Scripting XSS vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker a...
SonicOS Use of Externally-Controlled Format String Vulnerability
Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.SonicWall strongly advises users of the SonicWall firewall products to upgrade to the mentioned fixed release version to address this...
SonicWall SMA100 Post-authentication Arbitrary File Upload vulnerability
An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution. SonicWall strongly recommends...
Stack-based buffer overflow vulnerability in SonicOS HTTP server
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service DoS via sscanf function.SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and malicious use of this...
SonicOS SSLVPN Portal Stored Cross-site Scripting Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code. This vulnerability affects only SonicOS Gen7 firmware 7.0.1-5145,...
Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec
A Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.SonicWall PSIRT is not aware of active exploitation in the wild...
SonicOS Content-Length HTTP Header Stack Overflow Vulnerability
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service DoS and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE:...
Authenticated SMA100 Arbitrary Command Injection Vulnerability
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. CVE: CVE-2021-20035 Last updated: April 15, 2025, 3:50 p.m...
SonicWall NSM On-Prem authenticated command injection vulnerability
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. CVE: CVE-2021-20026 Last updated: May 27, 2021, 2:07 p.m...
SonicWall SMA100 post-authentication configuration export to the a specified email address
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20018 Last updated: March 13, 2021, 1:19 a.m...
SonicWall SSO-Agent NetAPI Vulnerability allows an attacker to force SSO Agent authentication, potentially leading to firewall access control bypass
SonicWall SSO-agent default configuration uses Microsoft NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypa...
SonicWall SSLVPN SMA100 authenticated command injection vulnerability
A vulnerability in the SonicWall SMA100 appliance allows an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 build version 10.2.0.2-20sv and earlier. CVE: CVE-2020-5146 Last updated: Jan. 9, 2021, 12:18 a.m...
SonicWall NetExtender windows client unquoted service path vulnerability
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier. CVE: CVE-2020-5147 Last...
SonicOS SSLVPN unauthenticated Heap Overflow vulnerability allows a remote attacker to cause Denial of Service (DoS)
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, and SonicO...
SonicOS SSLVPN External Service Interaction (DNS) Vulnerability
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction DNS due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. CVE: CVE-2020-5130 Last updated: July 16, 2020, 9:26 a.m...
SonicWall NetExtender arbitrary file write vulnerability
SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. CVE: CVE-2020-5131 Last updated: July 16, 2020, 9:01 a.m...
SonicWall SMA100 Authenticated Code injection
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. CVE: CVE-2019-7486 Last updated: March 6, 2020, 5:42 a.m...
SonicWall SMA100 Pre-authentication stack buffer overflow
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7482 Last updated: March 6, 2020, 4:42 a.m...
Multiple VPN applications insecurely store session cookies
A research of Software Engineering Institute of the Carnegie Mellon University shows that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CVE: CVE-2019-1573 CVE-2016-8201 Last updated: April 12, 2019, 8:17 p.m...
SonicWall Global Management System (GMS) Deprecated SSH keys Vulnerability
A vulnerability in SonicWall Global Management System GMS, allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. CVE: CVE-2019-7476 Last updated: April 26, 2019, 11 a.m...
SonicOS Unprivileged User Access ARS
A vulnerability in SonicOS with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...
Administrators without full permissions can download imported certificates
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Ge...
libssh Authentication Bypass Vulnerability
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE: CVE-2018-10933 Last updated: Oct. 19, 2018, midnight...
cURL (libcurl) NTLM Authentication Code Buffer Overrun Vulnerability
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curlntlmcoremknthash multiplies the length of the password by two SUM to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently...
OpenSSH user enumeration vulnerability
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. CVE: CVE-2018-15473 Last updated: Aug...
Foreshadow- L1 Terminal Fault: VMM
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. CVE:...
Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI /cgi-bin/viewcert component responsible for processing SSL certificate information. The CGI...
Dell SonicWALL Secure Remote Access Products CVE-2015-2248 Cross Site Request Forgery Vulnerability
Cross-site request forgery CSRF vulnerability in the user portal in Dell SonicWALL Secure Remote Access SRA products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request...
SonicWall Viewpoint 'scheduleID' Parameter SQL Injection Vulnerability
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. CVE: CVE-2011-5169 Last updated: Sept. 17, 2012, 3:14 p.m...
SonicWALL Global VPN Client Remote Format String Vulnerability
Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the 1 Hostname tag or the 2 name attribute in the Connection tag. NOTE: there might...
SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. CVE: CVE-2007-5603 Last updated: Sept...