SonicOS SSLVPN and Virtual assist service authenticated buffer overflow leads to firewall crash
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...
Unauthenticated Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow leads to firewall crash
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5133 Last updated: Oct. 20, 2020, 8:56 a....
Email Security Weak Default Credential
A weak default password in the SonicWall Email Security appliance allows an attacker to gain access to the appliance database. This vulnerability affected Email Security Appliance up to 10.0.2, 9.2.3 and earlier. CVE: CVE-2019-7488 Last updated: Dec. 23, 2019, 8 p.m...
SonicWall SMA100 Authenticated Code injection
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. CVE: CVE-2019-7486 Last updated: March 6, 2020, 5:42 a.m...
SonicWall SMA100 Authenticated Buffer Overflow
Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7485 Last updated: March 6, 2020, 4:42 a.m...
SonicWall SMA100 Pre-authentication directory traversal
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. CVE: CVE-2019-7483 Last updated: March 6, 2020, 4:42 a.m...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...
SonicWall Global Management System (GMS) Deprecated SSH keys Vulnerability
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. CVE: CVE-2019-7476 Last updated: April 26, 2019, 11 a.m...
Dell SonicWALL Secure Remote Access Products CVE-2015-2248 Cross Site Request Forgery Vulnerability
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request...
Dell SonicWALL Scrutinizer Multiple Security Vulnerabilities
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) userid parameter in the changeUnit function, (3) methodDeta...
SonicWall Viewpoint 'scheduleID' Parameter SQL Injection Vulnerability
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. CVE: CVE-2011-5169 Last updated: Sept. 17, 2012, 3:14 p.m...
Dell SonicWALL Scrutinizer 'q' Parameter SQL Injection Vulnerability
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. CVE: CVE-2012-2962 Last updated: March 12, 2018, 5:21 p.m...
Multiple Vendor Clientless SSL VPN Products Same Origin Policy Bypass Vulnerability
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...
SonicWALL Global VPN Client Remote Format String Vulnerability
Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might...
SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. CVE: CVE-2005-1006 Last updated: July 11, 2017, 1:32 a...
SonicWall SMA1000 appliance local privilege escalation vulnerability
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). Please note that SonicWall Firewall products are not affected by this vulnerability. CVE: CVE-2025-40602 Last updated: Dec. 18, 2025, 11:34 a.m...
SonicWall SMA100 10.2.2.2-92sv With Additional File Checking
SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices. While this is a valuable security step and a necessary measure to protect our customers, it’s equally important to clarify th...
SonicOS SessionID Buffer Overflow via HTTP response
A stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE: CVE-2021-20048...
SonicWall GMS 9.3 unauthenticated remote command execution vulnerability
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. CVE: CVE-2021-20020 Last updated: April 10, 2021, 1:08 a.m...
SonicWall SMA100 post-authenticated remote command injection
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20017 Last updated: March 13, 2021, 1:04 a.m...
Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow and potentially execute arbitrary code
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE:...
SonicOS out-of-bound invalid file reference leads to firewall crash
A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bound invalid file reference that leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5134 Last updated: Oct. 20, 2020, 9 a.m...
SonicOS & SonicOSv CBC Cipher TLS Padding Vulnerability
A vulnerability in the SonicOS and SonicOSv TLS CBC cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...
Foreshadow- L1 Terminal Fault: VMM
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. CVE:...
Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. CVE: CVE-2018-5280 Last updated: Jan. 30, 2018, 4:04 p.m...
Dell SonicWall SonicOS NSA CVE-2018-5281 Multiple HTML Injection Vulnerabilities
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. CVE: CVE-2018-5281 Last updated: Jan. 30, 2018, 4:12 p.m...
Dell SonicWall Secure Remote Access Multiple Command Injection Vulnerabilities
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the...
Dell SonicWall SonicOS 'macIpSpoofView.html' Multiple Cross Site Scripting Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. CVE: CVE-2015-3447 Last updated: March 9, 2018, 4:20 p.m...
Dell SonicWALL NSA 2400 'stats/dashboard.jsp' Cross Site Scripting Vulnerability
Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. CVE: CVE-2014-2589 Last updated: March 12, 2018, 4:19 p.m...
SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7)...
SonicWALL Content Filtering IP addresses can bypass URL filtering
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. CVE: CVE-2002-2181 Last updated: Sept. 5, 2008, 8:32 p.m...
Soho Firewall CVE-2000-1098 Denial-Of-Service Vulnerability
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. CVE: CVE-2000-1098 Last updated: Sept. 5, 2008, 8:22 p.m...
SonicWall SMA100 Potential Exposure of Sensitive Information in Log File
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions, to view partial user credential data. SonicWall strongly recommends that users of the SMA 100 series products SMA 210, 410, an...
Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec
An integer-based buffer overflow vulnerability in SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. SonicWall PSIRT is not aware of active exploitation in the wild...
SonicOS SSLVPN service unauthenticated malicious HTTP request leads to memory addresses leak
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,...
SonicOS SSLVPN NACAgent 3.5 windows binary is vulnerable to Unquoted Service Path Privilege Escalation vulnerability
When the SonicOS SSLVPN NACagent 3.5 is installed on the Windows operating system, the autorun value that is created does not put the path in quotes, so a malicious binary placed by an attacker within the parent path could allow code execution. CVE: CVE-2019-7487 Last updated: Dec. 18, 2019, 10:11 p.m...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
Speculative Store Bypass (SSB) – also known as Variant 4
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...
Multiple Dell SonicWALL Products '/sgms/mainPage' Page Cross Site Scripting Vulnerability
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the nodeid parameter in a ScreenDisplayManager genNetwork...
Tele2 CVE-2001-0376 Remote Security Vulnerability
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack t...
SMA100 Exposure of Sensitive Information to an Unauthorized Actor
A vulnerability in the SonicWall SMA100 appliance could potentially expose sensitive information (i.e., third-party packages and library versions used in the appliance firmware) to a pre-authenticated actor. IMPORTANT: SMA 1000 series products are not affected by this vulnerability. CVE: None Last...
OpenSSL c_rehash script allows command injection CVE-2022-1292
A critical vulnerability (CVE-2022-1292) was found in the OpenSSL c_rehash script. This is due to shell metacharacters not being properly sanitized, resulting in command injection. An attacker could execute arbitrary commands with the privileges of the script. After review, it has been determined that...
Security Weakness Resulting in Potential Local Privilege Escalation When HA (High Availability) is Active
A weakness in the SMA100 Series exists when a High Availability (HA) pair is active, potentially permitting an operation at a privilege level that is higher than the minimum level required. If a malicious actor obtains a 'nobody' user shell on an impacted SMA100 device, this can potentially lead to...
Amnesia 33 vulnerabilities
The Amnesia 33 vulnerabilities impact four open source TCP/IP stack libraries (uIP, FNET, picoTCP and Nut/Net), which are used in millions of smart IoT and embedded devices. These four open source TCP/IP stack libraries are not used in the SonicWall firewall products. CVE: N/A Last updated: Jan. 6,...
NAT Slipstreaming (CVE-2020-28041)
SonicWall Firewalls are not vulnerable to the NAT Slipstreaming attack. The SonicWall Firewall does not open an alternative port set in the SIP packet header, which results in an invalid connection, and packets are dropped. CVE: CVE-2020-28041 Last updated: Dec. 15, 2020, 9:41 p.m...
SonicWALL SSL-VPN E-Class ActiveX Control Multiple Buffer Overflow Vulnerabilities
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. CVE:...
SMA1000 SNMP Null pointer exception bug in Net-SNMP vendor packet resulting in SNMP DoS
A null pointer exception bug in Net-SNMP vendor 5.9.0 and earlier packet allows a remote authenticated attacker to cause SMA1000 SNMP Denial of Service (DoS) by an insufficient check of null pointer. CVE: N/A Last updated: Feb. 7, 2022, 6:09 p.m...
SonicWall SSL-VPN Products security misconfiguration leads to possible domain name collision vulnerability
SonicWall SSL-VPN products' web interface has the option to publicly display their organization’s internal domain names in the Domain drop-down menu. An attacker with knowledge of an organization’s internal domain name can potentially take advantage of a DNS flaw known as domain name collision. A...
Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API
An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate an API parameter and gain access to the user group of a tenant of any other mysonicwall user account. CVE: N/A...