Lucene search
K
SonicwallMost viewed

201 matches found

SonicWall
SonicWall
added 2007/11/05 6:46 p.m.8 views

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long 1 serverAddress, 2 sessionId, 3 clientIPLower, 4 clientIPHigher, 5 userName, 6 domainName, or 7...

9.3CVSS7.5AI score0.05723EPSS
Exploits1
SonicWall
SonicWall
added 2007/11/05 6:46 p.m.8 views

SonicWALL SSL VPN Client Remote ActiveX Multiple Vulnerabilities

Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. CVE: CVE-2007-5815 Last...

10CVSS7.1AI score0.04526EPSS
Exploits1
SonicWall
SonicWall
added 2005/05/02 4:0 a.m.8 views

SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via 1 the URL or 2 the user login name, which is not filtered when the administrator views the log file. CVE: CVE-2005-1006 Last updated: July 11, 2017, 1:32 a...

4.3CVSS5.6AI score0.06296EPSS
Exploits1
SonicWall
SonicWall
added 2025/12/17 1:51 p.m.7 views

SonicWall SMA1000 appliance local privilege escalation vulnerability

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console AMC. Please note that SonicWall Firewall products are not affected by this vulnerability. CVE: CVE-2025-40602 Last updated: Dec. 18, 2025, 11:34 a.m...

6.6CVSS6.1AI score0.0191EPSS
Exploits1
SonicWall
SonicWall
added 2025/11/19 11:42 a.m.7 views

SonicWall Email Security Affected By Multiple Vulnerabilities

1 CVE-2025-40604 - Download of Code Without Integrity Check VulnerabilityDownload of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system...

7.2CVSS8.2AI score0.00292EPSS
Exploits0
SonicWall
SonicWall
added 2024/08/22 6:43 p.m.7 views

SonicOS Improper Access Control Vulnerability

An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7...

9.3CVSS9.7AI score0.15593EPSS
Exploits0
SonicWall
SonicWall
added 2024/02/23 3:41 a.m.7 views

SMA100 MFA Improper Access Control Vulnerability

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.There is no evidence that these vulnerabilities are being...

6.3CVSS6.3AI score0.00433EPSS
Exploits0
SonicWall
SonicWall
added 2023/02/09 11:51 p.m.7 views

Impact of OpenSSL Vulnerabilities Advisory Released On February 7, 2023

OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0, 1.1.1, and 1.0.2.CVE-2023-0286 - X.400 address type confusion in X.509 GeneralNameCVE-2022-4304 - Timing Oracle in RSA DecryptionCVE-2022-4203 - X.509 Name Constraints Read Buffer...

7.5CVSS7.2AI score0.59501EPSS
Exploits0
SonicWall
SonicWall
added 2022/12/13 7:24 p.m.7 views

Sonicwall Capture Client Local Privilege Escalation via SentinelOne Agent (Aikido)

An arbitrary file deletion vulnerability Aikido in Sonicwall Capture Client via SentinelOne Agent could allow a local attacker to escalate privileges and delete files. The exploit was confirmed to work with 6 vulnerable EDR products, including the SentinelOne Agent for Windows.Please note: an...

7.1CVSS7.2AI score
Exploits0
SonicWall
SonicWall
added 2022/05/06 11:44 a.m.7 views

SonicWall SSL-VPN NetExtender Windows Client Buffer Overflow Vulnerability

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client 32 and 64 bit in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. CVE: CVE-2022-22281 Last updated: May 6, 2022, 11:44 a.m...

4.8CVSS8AI score0.00474EPSS
Exploits0
SonicWall
SonicWall
added 2022/03/22 9:31 a.m.7 views

OpenSSL Infinite loop when parsing certificates CVE-2022-0778

A vulnerability CVE-2022-0778 was found in OpenSSL that allows to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied...

7.5CVSS7.9AI score0.70561EPSS
Exploits2
SonicWall
SonicWall
added 2021/05/13 2:0 p.m.7 views

SonicWall Email Security Virtual Appliance Static Credential Vulnerability

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance only when the device i...

8.4CVSS6.8AI score0.00356EPSS
Exploits0
SonicWall
SonicWall
added 2020/10/12 9:48 a.m.7 views

SonicOS SSLVPN allows unauthenticated attacker to brute force Virtual Assist ticket ID

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5141 Last...

6.5CVSS6.9AI score0.01261EPSS
Exploits0
SonicWall
SonicWall
added 2020/10/12 9:40 a.m.7 views

SonicOS SSLVPN service unauthenticated release of Invalid pointer to cause Denial of Service (DoS) vulnerability and leads to firewall crash

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...

7.5CVSS7AI score0.01742EPSS
Exploits0
SonicWall
SonicWall
added 2020/10/12 9:15 a.m.7 views

SonicOS SSLVPN unauthenticated buffer overflow leads to firewall crash

A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS on the firewall SSLVPN service and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicO...

7.5CVSS7.4AI score0.01733EPSS
Exploits0
SonicWall
SonicWall
added 2020/10/12 9:10 a.m.7 views

SonicOS SSLVPN and Virtual assist service authenticated buffer overflow leads to firewall crash

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service DoS in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...

6.5CVSS7AI score0.01104EPSS
Exploits0
SonicWall
SonicWall
added 2020/10/12 9:4 a.m.7 views

Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow and potentially execute arbitrary code

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service DoS and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE:...

9.4CVSS8.2AI score0.26869EPSS
Exploits0
SonicWall
SonicWall
added 2020/10/12 8:56 a.m.7 views

Unauthenticated Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow leads to firewall crash

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5133 Last updated: Oct. 20, 2020, 8:56 a....

8.2CVSS7.1AI score0.01733EPSS
Exploits0
SonicWall
SonicWall
added 2019/12/23 8:0 p.m.7 views

Email Security Weak Default Credential

Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance up to 10.0.2, 9.2.3 and earlier. CVE: CVE-2019-7488 Last updated: Dec. 23, 2019, 8 p.m...

7.1CVSS7.1AI score0.01894EPSS
Exploits0
SonicWall
SonicWall
added 2019/12/18 7:42 p.m.7 views

SonicWall SMA100 Authenticated Buffer Overflow

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7485 Last updated: March 6, 2020, 4:42 a.m...

8CVSS7.8AI score0.0153EPSS
Exploits0
SonicWall
SonicWall
added 2019/12/17 9:0 p.m.7 views

SonicWall SMA100 Pre-authentication directory traversal

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. CVE: CVE-2019-7483 Last updated: March 6, 2020, 4:42 a.m...

7.5CVSS7.5AI score0.03977EPSS
Exploits0
SonicWall
SonicWall
added 2019/06/18 12:0 a.m.7 views

TCP SACK Panic - Linux Kernel Vulnerability

Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment SACK sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...

7.5CVSS7.1AI score0.94686EPSS
Exploits1
SonicWall
SonicWall
added 2014/07/16 2:19 p.m.7 views

Dell SonicWALL Scrutinizer Multiple Security Vulnerabilities

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...

6.5CVSS7.9AI score0.74932EPSS
Exploits5
SonicWall
SonicWall
added 2009/12/04 11:30 a.m.7 views

Multiple Vendor Clientless SSL VPN Products Same Origin Policy Bypass Vulnerability

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...

6.8CVSS6.5AI score0.05134EPSS
Exploits0
SonicWall
SonicWall
added 2002/12/31 5:0 a.m.7 views

SonicWALL Content Filtering IP addresses can bypass URL filtering

SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. CVE: CVE-2002-2181 Last updated: Sept. 5, 2008, 8:32 p.m...

5CVSS6.6AI score0.01292EPSS
Exploits0
SonicWall
SonicWall
added 2025/10/30 10:40 a.m.6 views

SonicWall SMA100 Potential Exposure of Sensitive Information in Log File

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.SonicWall strongly recommends that users of the SMA 100 series products SMA 210, 410, an...

4.5CVSS6.3AI score0.00437EPSS
Exploits0
SonicWall
SonicWall
added 2025/09/22 6:27 p.m.6 views

SonicWall SMA100 10.2.2.2-92sv With Additional File Checking

SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices. While this is a valuable security step and a necessary measure to protect our customers, it’s equally important to clarify th...

6.7AI score
Exploits0
SonicWall
SonicWall
added 2022/01/05 6:38 p.m.6 views

SonicOS SessionID Buffer Overflow via HTTP response

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service DoS and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE: CVE-2021-20048...

5.3CVSS7.6AI score0.01939EPSS
Exploits0
SonicWall
SonicWall
added 2021/04/10 1:8 a.m.6 views

SonicWall GMS 9.3 unauthenticated remote command execution vulnerability

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. CVE: CVE-2021-20020 Last updated: April 10, 2021, 1:08 a.m...

9.8CVSS7.2AI score0.0373EPSS
Exploits0
SonicWall
SonicWall
added 2021/03/13 1:4 a.m.6 views

SonicWall SMA100 post-authenticated remote command injection

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20017 Last updated: March 13, 2021, 1:04 a.m...

7.2CVSS7.6AI score0.01849EPSS
Exploits0
SonicWall
SonicWall
added 2020/10/12 9:0 a.m.6 views

SonicOS out-of-bound invalid file reference leads to firewall crash

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5134 Last updated: Oct. 20, 2020, 9 a.m...

6.5CVSS6.6AI score0.0111EPSS
Exploits0
SonicWall
SonicWall
added 2019/04/01 8:0 p.m.6 views

SonicOS & SonicOSv CBC Cipher TLS Padding Vulnerability

A vulnerability in SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...

7.5CVSS6.7AI score0.01192EPSS
Exploits0
SonicWall
SonicWall
added 2018/01/08 9:29 a.m.6 views

Dell SonicWall SonicOS NSA CVE-2018-5280 HTML Injection Vulnerability

SonicWall SonicOS on Network Security Appliance NSA 2016 Q4 devices has XSS via the Configure SSO screens. CVE: CVE-2018-5280 Last updated: Jan. 30, 2018, 4:04 p.m...

5.4CVSS5.8AI score0.02507EPSS
Exploits3
SonicWall
SonicWall
added 2014/02/14 4:55 p.m.6 views

Multiple Dell SonicWALL Products '/sgms/mainPage' Page Cross Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the nodeid parameter in a ScreenDisplayManager genNetwork...

4.3CVSS5.8AI score0.02761EPSS
Exploits1
SonicWall
SonicWall
added 2025/01/07 11:40 a.m.5 views

Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec

A Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service DoS and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.SonicWall PSIRT is not aware of active exploitation in the wild...

5.3CVSS8.2AI score0.00786EPSS
Exploits0
SonicWall
SonicWall
added 2020/10/12 9:43 a.m.5 views

SonicOS SSLVPN service unauthenticated malicious HTTP request leads to memory addresses leak

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,...

7.5CVSS7AI score0.01742EPSS
Exploits0
SonicWall
SonicWall
added 2019/12/18 10:11 p.m.5 views

SonicOS SSLVPN NACAgent 3.5 windows binary is vulnerable to Unquoted Service Path Privilege Escalation vulnerability

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. CVE: CVE-2019-7487 Last updated: Dec. 18, 2019, 10:11 p.m...

7CVSS7.2AI score0.00462EPSS
Exploits0
SonicWall
SonicWall
added 2019/06/18 12:0 a.m.5 views

TCP SACK Panic - Linux Kernel Vulnerability

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...

7.5CVSS7.1AI score0.9166EPSS
Exploits1
SonicWall
SonicWall
added 2019/06/18 12:0 a.m.5 views

TCP SACK Panic - Linux Kernel Vulnerability

Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...

7.5CVSS7.2AI score0.98745EPSS
Exploits4
SonicWall
SonicWall
added 2018/05/24 12:0 a.m.5 views

Speculative Store Bypass (SSB) – also known as Variant 4

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Stor...

4.3CVSS6.5AI score0.60631EPSS
Exploits2
SonicWall
SonicWall
added 2010/11/03 1:37 p.m.5 views

SonicWALL SSL-VPN E-Class ActiveX Control Multiple Buffer Overflow Vulnerabilities

Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control Aventail.EPInstaller before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long 1 CabURL and 2 Location arguments to the Install3rdPartyComponent method. CVE:...

9.3CVSS8.4AI score0.04756EPSS
Exploits0
SonicWall
SonicWall
added 2001/06/18 4:0 a.m.5 views

Tele2 CVE-2001-0376 Remote Security Vulnerability

SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack t...

7.5CVSS7.1AI score0.01351EPSS
Exploits0
SonicWall
SonicWall
added 2022/08/24 3:57 p.m.4 views

SMA100 Exposure of Sensitive Information to an Unauthorized Actor

A vulnerability in the SonicWall SMA100 appliance could potentially expose sensitive information i.e., third-party packages and library versions used in the appliance firmware to a pre-authenticated actor.IMPORTANT: SMA 1000 series products are not affected by this vulnerability. CVE: None Last...

5.3CVSS6.7AI score
Exploits0
SonicWall
SonicWall
added 2022/07/13 5:32 p.m.4 views

OpenSSL c_rehash script allows command injection CVE-2022-1292

A critical vulnerability CVE-2022-1292 was found in OpenSSL crehash script. This is due to shell metacharacters not being properly sanitized, resulting in command injection. An attacker could execute arbitrary commands with the privileges of the script.After review, it has been determined that...

9.8CVSS10AI score0.83223EPSS
Exploits5
SonicWall
SonicWall
added 2021/09/23 9:20 p.m.4 views

Security Weakness Resulting in Potential Local Privilege Escalation When HA (High Availability) is Active

A weakness in the SMA100 Series exists when High Availability HA pair is active, potentially permitting an operation at a privilege's level that is higher than the minimum level required. If a malicious actor obtains a 'nobody' user shell on an impacted SMA100 device, this can potentially lead to...

4.7CVSS7.4AI score
Exploits0
SonicWall
SonicWall
added 2021/01/06 9:25 p.m.4 views

Amnesia 33 vulnerabilities

Amnesia 33 vulnerabilities impacts four open source TCP/IP stacks uIP, FNET, picoTCP and Nut/Net libraries which are used in millions of smart IOT and embedded devices. These four open source TCP/IP stacks libraries are not used in the SonicWall firewall products. CVE: N/A Last updated: Jan. 6,...

9.8CVSS7.3AI score
Exploits0
SonicWall
SonicWall
added 2020/12/15 9:41 p.m.4 views

NAT Slipstreaming (CVE-2020-28041)

SonicWall Firewalls are not vulnerable to the NAT Slipstreaming attack.SonicWall Firewall does not open an alternative port set in the SIP packet header, results in an invalid connection, and packets are dropped. CVE: CVE-2020-28041 Last updated: Dec. 15, 2020, 9:41 p.m...

4.3CVSS6.8AI score0.01975EPSS
Exploits1
SonicWall
SonicWall
added 2022/02/07 6:9 p.m.3 views

SMA1000 SNMP Null pointer exception bug in Net-SNMP vendor packet resulting in SNMP DoS

A Null pointer exception bug in Net-SNMP vendor 5.9.0 and earlier packet allows a remote authenticated attacker to cause SMA1000 SNMP Denial of Service DoS by an insufficient check of null pointer. CVE: N/A Last updated: Feb. 7, 2022, 6:09 p.m...

4.4CVSS6.7AI score
Exploits0
SonicWall
SonicWall
added 2020/09/08 7:12 a.m.3 views

SonicWall SSL-VPN Products security misconfiguration leads to possible domain name collision vulnerability

SonicWall SSL-VPN products web interface has the option to publicly display their organization’s internal domain names in the Domain drop-down menu. An attacker with knowledge of an organization’s internal domain name can potentially take advantage of a DNS flaw known as domain name collision.A...

5.3CVSS7AI score
Exploits0
SonicWall
SonicWall
added 2020/08/25 7:30 p.m.3 views

Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API

An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate API parameter and gain access to user group of tenant of any other mysonicwall user account. CVE: N/A...

9.9CVSS7AI score
Exploits0
Total number of security vulnerabilities201