201 matches found
SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long 1 serverAddress, 2 sessionId, 3 clientIPLower, 4 clientIPHigher, 5 userName, 6 domainName, or 7...
SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. CVE: CVE-2007-5815 Last...
SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via 1 the URL or 2 the user login name, which is not filtered when the administrator views the log file. CVE: CVE-2005-1006 Last updated: July 11, 2017, 1:32 a...
SonicWall SMA1000 appliance local privilege escalation vulnerability
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC. Please note that SonicWall Firewall products are not affected by this vulnerability. CVE: CVE-2025-40602 Last updated: Dec. 18, 2025, 11:34 a.m...
SonicWall Email Security Affected By Multiple Vulnerabilities
1 CVE-2025-40604 - Download of Code Without Integrity Check VulnerabilityDownload of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system...
SonicOS Improper Access Control Vulnerability
An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7...
SMA100 MFA Improper Access Control Vulnerability
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.There is no evidence that these vulnerabilities are being...
Impact of OpenSSL Vulnerabilities Advisory Released On February 7, 2023
OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0, 1.1.1, and 1.0.2.CVE-2023-0286 - X.400 address type confusion in X.509 GeneralNameCVE-2022-4304 - Timing Oracle in RSA DecryptionCVE-2022-4203 - X.509 Name Constraints Read Buffer...
Sonicwall Capture Client Local Privilege Escalation via SentinelOne Agent (Aikido)
An arbitrary file deletion vulnerability Aikido in Sonicwall Capture Client via SentinelOne Agent could allow a local attacker to escalate privileges and delete files. The exploit was confirmed to work with 6 vulnerable EDR products, including the SentinelOne Agent for Windows.Please note: an...
SonicWall SSL-VPN NetExtender Windows Client Buffer Overflow Vulnerability
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client 32 and 64 bit in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. CVE: CVE-2022-22281 Last updated: May 6, 2022, 11:44 a.m...
OpenSSL Infinite loop when parsing certificates CVE-2022-0778
A vulnerability CVE-2022-0778 was found in OpenSSL that allows to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied...
SonicWall Email Security Virtual Appliance Static Credential Vulnerability
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance only when the device i...
SonicOS SSLVPN allows unauthenticated attacker to brute force Virtual Assist ticket ID
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5141 Last...
SonicOS SSLVPN service unauthenticated release of Invalid pointer to cause Denial of Service (DoS) vulnerability and leads to firewall crash
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...
SonicOS SSLVPN unauthenticated buffer overflow leads to firewall crash
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS on the firewall SSLVPN service and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicO...
SonicOS SSLVPN and Virtual assist service authenticated buffer overflow leads to firewall crash
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service DoS in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...
Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow and potentially execute arbitrary code
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service DoS and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE:...
Unauthenticated Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow leads to firewall crash
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5133 Last updated: Oct. 20, 2020, 8:56 a....
Email Security Weak Default Credential
Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance up to 10.0.2, 9.2.3 and earlier. CVE: CVE-2019-7488 Last updated: Dec. 23, 2019, 8 p.m...
SonicWall SMA100 Authenticated Buffer Overflow
Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7485 Last updated: March 6, 2020, 4:42 a.m...
SonicWall SMA100 Pre-authentication directory traversal
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. CVE: CVE-2019-7483 Last updated: March 6, 2020, 4:42 a.m...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment SACK sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...
Dell SonicWALL Scrutinizer Multiple Security Vulnerabilities
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...
Multiple Vendor Clientless SSL VPN Products Same Origin Policy Bypass Vulnerability
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...
SonicWALL Content Filtering IP addresses can bypass URL filtering
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. CVE: CVE-2002-2181 Last updated: Sept. 5, 2008, 8:32 p.m...
SonicWall SMA100 Potential Exposure of Sensitive Information in Log File
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.SonicWall strongly recommends that users of the SMA 100 series products SMA 210, 410, an...
SonicWall SMA100 10.2.2.2-92sv With Additional File Checking
SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices. While this is a valuable security step and a necessary measure to protect our customers, it’s equally important to clarify th...
SonicOS SessionID Buffer Overflow via HTTP response
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service DoS and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE: CVE-2021-20048...
SonicWall GMS 9.3 unauthenticated remote command execution vulnerability
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. CVE: CVE-2021-20020 Last updated: April 10, 2021, 1:08 a.m...
SonicWall SMA100 post-authenticated remote command injection
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20017 Last updated: March 13, 2021, 1:04 a.m...
SonicOS out-of-bound invalid file reference leads to firewall crash
A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5134 Last updated: Oct. 20, 2020, 9 a.m...
SonicOS & SonicOSv CBC Cipher TLS Padding Vulnerability
A vulnerability in SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...
Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability
SonicWall SonicOS on Network Security Appliance NSA 2016 Q4 devices has XSS via the Configure SSO screens. CVE: CVE-2018-5280 Last updated: Jan. 30, 2018, 4:04 p.m...
Multiple Dell SonicWALL Products '/sgms/mainPage' Page Cross Site Scripting Vulnerability
Cross-site scripting XSS vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the nodeid parameter in a ScreenDisplayManager genNetwork...
Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec
A Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.SonicWall PSIRT is not aware of active exploitation in the wild...
SonicOS SSLVPN service unauthenticated malicious HTTP request leads to memory addresses leak
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,...
SonicOS SSLVPN NACAgent 3.5 windows binary is vulnerable to Unquoted Service Path Privilege Escalation vulnerability
Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. CVE: CVE-2019-7487 Last updated: Dec. 18, 2019, 10:11 p.m...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
Speculative Store Bypass (SSB) – also known as Variant 4
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...
SonicWALL SSL-VPN E-Class ActiveX Control Multiple Buffer Overflow Vulnerabilities
Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control Aventail.EPInstaller before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long 1 CabURL and 2 Location arguments to the Install3rdPartyComponent method. CVE:...
Tele2 CVE-2001-0376 Remote Security Vulnerability
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack t...
SMA100 Exposure of Sensitive Information to an Unauthorized Actor
A vulnerability in the SonicWall SMA100 appliance could potentially expose sensitive information i.e., third-party packages and library versions used in the appliance firmware to a pre-authenticated actor.IMPORTANT: SMA 1000 series products are not affected by this vulnerability. CVE: None Last...
OpenSSL c_rehash script allows command injection CVE-2022-1292
A critical vulnerability CVE-2022-1292 was found in OpenSSL crehash script. This is due to shell metacharacters not being properly sanitized, resulting in command injection. An attacker could execute arbitrary commands with the privileges of the script.After review, it has been determined that...
Security Weakness Resulting in Potential Local Privilege Escalation When HA (High Availability) is Active
A weakness in the SMA100 Series exists when High Availability HA pair is active, potentially permitting an operation at a privilege's level that is higher than the minimum level required. If a malicious actor obtains a 'nobody' user shell on an impacted SMA100 device, this can potentially lead to...
Amnesia 33 vulnerabilities
Amnesia 33 vulnerabilities impacts four open source TCP/IP stacks uIP, FNET, picoTCP and Nut/Net libraries which are used in millions of smart IOT and embedded devices. These four open source TCP/IP stacks libraries are not used in the SonicWall firewall products. CVE: N/A Last updated: Jan. 6,...
NAT Slipstreaming (CVE-2020-28041)
SonicWall Firewalls are not vulnerable to the NAT Slipstreaming attack.SonicWall Firewall does not open an alternative port set in the SIP packet header, results in an invalid connection, and packets are dropped. CVE: CVE-2020-28041 Last updated: Dec. 15, 2020, 9:41 p.m...
SMA1000 SNMP Null pointer exception bug in Net-SNMP vendor packet resulting in SNMP DoS
A Null pointer exception bug in Net-SNMP vendor 5.9.0 and earlier packet allows a remote authenticated attacker to cause SMA1000 SNMP Denial of Service DoS by an insufficient check of null pointer. CVE: N/A Last updated: Feb. 7, 2022, 6:09 p.m...
SonicWall SSL-VPN Products security misconfiguration leads to possible domain name collision vulnerability
SonicWall SSL-VPN products web interface has the option to publicly display their organization’s internal domain names in the Domain drop-down menu. An attacker with knowledge of an organization’s internal domain name can potentially take advantage of a DNS flaw known as domain name collision.A...
Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API
An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate API parameter and gain access to user group of tenant of any other mysonicwall user account. CVE: N/A...