Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Framing Frames)
A vulnerability was found in the IEEE 802.11 implementation. A malicious insider can intercept traffic at the MAC layer by disconnecting a victim and connecting to the network using the victim’s MAC address and the attacker’s credentials even if clients are prevented from communicating with each other...
SonicOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. CVE: CVE-2023-1101 Last updated: March 28, 2023, 11:32 a.m...
SonicOS Unauthenticated Stack-Based Buffer Overflow Vulnerability
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have been made public and...
SonicWall Email Security Information Disclosure Vulnerability
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users' email addresses. CVE: CVE-2023-0655 Last updated: Feb. 13, 2023, 9:59 p.m...
Impact of OpenSSL Vulnerabilities Advisory Released On February 7, 2023
OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0, 1.1.1, and 1.0.2. CVE-2023-0286 - X.400 address type confusion in X.509 GeneralName; CVE-2022-4304 - Timing Oracle in RSA Decryption; CVE-2022-4203 - X.509 Name Constraints Read Buffer...
Sonicwall Capture Client Local Privilege Escalation via SentinelOne Agent (Aikido)
An arbitrary file deletion vulnerability (Aikido) in Sonicwall Capture Client via SentinelOne Agent could allow a local attacker to escalate privileges and delete files. The exploit was confirmed to work with 6 vulnerable EDR products, including the SentinelOne Agent for Windows. Please note: an...
SonicWall OpenSSL Version 3.x Security Advisory
This advisory is intended to cover the following OpenSSL vulnerabilities: CVE-2022-3358 - Using a Custom Cipher with NID_undef may lead to NULL encryption. Fixed in OpenSSL 3.0.6. Affected OpenSSL Versions 3.x, 3.0.0-3.0.5. More vulnerability details are available here...
CVE-2022-42889 Text4shell Apache Commons Text RCE Vulnerability
This advisory will cover the CVE-2022-42889 - Text4shell Apache Commons Text RCE Vulnerability. SonicWall Product Appliance/Cloud/Virtual/OnPrem...
GMS File Path Manipulation
An unauthenticated attacker can gain access to web directory containing application's binaries and configuration files through file path manipulation vulnerability. CVE: CVE-2021-20030 Last updated: Oct. 13, 2022, 9:40 a.m...
SMA100 Exposure of Sensitive Information to an Unauthorized Actor
A vulnerability in the SonicWall SMA100 appliance could potentially expose sensitive information (i.e., third-party packages and library versions used in the appliance firmware) to a pre-authenticated actor. IMPORTANT: SMA 1000 series products are not affected by this vulnerability. CVE: None Last...
SonicWall SMA100 Post-Auth Heap-based Buffer Overflow Vulnerability
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. IMPORTANT: SMA 1000 series...
SonicWall SMA1000 CVE-2021-33909 and CVE-2022-0847
This advisory is intended to address Linux Kernel vulnerabilities CVE-2021-33909 and CVE-2022-0847 in the SonicWall SMA1000 platform. SonicWall has performed a comprehensive analysis of the SMA1000 platform that resulted in no observable attack vectors for CVE-2021-33909 and CVE-2022-0847. To remove...
Unauthenticated SQL Injection in SonicWall GMS and Analytics
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem. CVE: CVE-2022-22280 Last updated: Oct. 13, 2022, 7:30 p.m...
SonicWall Switch Post-Authenticated Remote Code Execution
A vulnerability in SonicWall Switch 1.1.1.0-2s and earlier allows an authenticated malicious user to perform remote code execution in the host system. CVE: CVE-2022-2323 Last updated: July 15, 2022, 4:11 p.m...
SonicWall Hosted Email Security Capture ATP Bypass
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. CVE: CVE-2022-2324 Last updated: July 14, 2022, 6:43 p.m...
OpenSSL c_rehash script allows command injection CVE-2022-1292
A critical vulnerability (CVE-2022-1292) was found in the OpenSSL c_rehash script. This is due to shell metacharacters not being properly sanitized, resulting in command injection. An attacker could execute arbitrary commands with the privileges of the script. After review, it has been determined that...
SMA100 post-authentication Remote Command Execution vulnerability
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands as a 'root' user, which potentially leads to a remote command execution vulnerability or a denial of service (DoS) attack. IMPORTANT: SMA 100...
SonicWall SSL-VPN NetExtender Windows Client Buffer Overflow Vulnerability
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions allows an attacker to potentially execute arbitrary code in the host Windows operating system. CVE: CVE-2022-22281 Last updated: May 6, 2022, 11:44 a.m...
SonicWall Global VPN Client DLL Search Order Hijacking via Application Installer
SonicWall Global VPN Client 4.10.7 installer 32-bit and 64-bit and earlier have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. CVE: CVE-2021-20051 Last updated: Apr...
SonicOS Content Filtering Service and SNMP feature affected by multiple vulnerabilities
SonicOS is affected by the multiple medium-severity vulnerabilities listed below; organizations running previous versions of SonicOS should upgrade to new firmware release versions. CVE-2022-22275 - Improper Restriction of TCP Communication Channel Potentially Resulting in DoS. Severity 5.3 Medium...
Post-Auth Arbitrary File Read vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions
NOTE: SonicWall PSIRT has continued to observe threat actors targeting EOL SRA devices (i.e., CVE-2021-20028); active exploitation of this vulnerability is likely in chained attacks leveraging CVE-2021-20028. Through SonicWall PSIRT Threat Intelligence gathering, SonicWall has become aware of a ‘Pos...
Spring Remote Code Execution: CVE-2022-22963 and CVE-2022-22965
SonicWall PSIRT is tracking two critical vulnerabilities impacting the Spring Framework. This advisory is intended to address both. 1. CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression. In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported...
Unauthenticated Stack-Based Buffer Overflow Vulnerability In SonicOS
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a PoC have be...
OpenSSL Infinite loop when parsing certificates CVE-2022-0778
A vulnerability (CVE-2022-0778) was found in OpenSSL that allows an infinite loop to be triggered by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied...
Post-Auth OS Command Injection vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions
NOTE: SonicWall PSIRT has observed threat actors targeting EOL SRA devices (CVE-2021-20028), and active exploitation of this vulnerability is likely. SonicWall is aware of a ‘Post Authentication OS Command Injection’ vulnerability, reported by Compass Security, impacting end-of-life Secure Remote...
SMA1000 SNMP Null pointer exception bug in Net-SNMP vendor packet resulting in SNMP DoS
A Null pointer exception bug in Net-SNMP vendor 5.9.0 and earlier packet allows a remote authenticated attacker to cause SMA1000 SNMP Denial of Service (DoS) by an insufficient check of null pointer. CVE: N/A Last updated: Feb. 7, 2022, 6:09 p.m...
SonicOS SessionID Buffer Overflow via HTTP response
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE: CVE-2021-20048...
SonicOS Content-Length HTTP Header Stack Overflow Vulnerability
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 6 and Gen 7 firmware versions. CVE:...
JMSAppender - Log4j 1.2 Vulnerability CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...
SMA100 Improper Access Control Vulnerability allowed restricted management APIs accessible
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. IMPORTANT: There is no evidence that these vulnerabilities are being exploited in the wild. CVE:...
SonicWall SMA100 API username enumeration vulnerability
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability affected 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. CVE: CVE-2021-20049 Last updated: Dec. 21, 202...
SonicWall Global VPN Client DLL Search Order Hijacking
SonicWall Global VPN client version 4.10.6 32-bit and 64-bit and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system. IMPORTANT: At the time of advisory, there is no evidence to suggest tha...
SonicWall patches multiple SMA100 affected vulnerabilities
SonicWall has verified and patched vulnerabilities of critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities. SonicWall...
SonicOS Host Header Redirection
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. To avoid this vulnerability, follow these steps: Upgrade the firmware to the fixed version 6.5.4.8-89n, 7.0.1-R1456 etc. and higher versions, Enab...
Authenticated SMA100 Arbitrary Command Injection Vulnerability
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. CVE: CVE-2021-20035 Last updated: April 15, 2025, 3:50 p.m...
Unauthenticated SMA100 arbitrary file delete vulnerability
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. CVE: CVE-2021-20034 Last updated: Sept. 23, 2021, 9:24 p.m...
Security Weakness Resulting in Potential Local Privilege Escalation When HA (High Availability) is Active
A weakness in the SMA100 Series exists when a High Availability (HA) pair is active, potentially permitting an operation at a privilege level that is higher than the minimum level required. If a malicious actor obtains a 'nobody' user shell on an impacted SMA100 device, this can potentially lead to...
SonicWall Global VPN Client Privilege Escalation via Application Installer
SonicWall Global VPN Client 4.10.5 installer 32-bit and 64-bit incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts 4.10.5 installer and earlier. CVE: CVE-2021-20037 Last...
SonicWall Analytics Remote Command Execution via Java Debug Wire Protocol
SonicWall Analytics 2.5 On-Prem is vulnerable to a Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. CVE: CVE-2021-20032 Last updated: Aug. 10, 2021, 2:...
OpenSSL CVE-2021-3449 and CVE-2021-3450 vulnerabilities affected certain SonicWall Products
Certain SonicWall products highlighted below are affected by the OpenSSL CVE-2021-3449 and CVE-2021-3450 vulnerabilities. Product Affected Versions...
SonicWall Switch LLDP Protocol multiple Out-of-Bound read vulnerability
Multiple Out-of-Bound read vulnerabilities in SonicWall Switch when handling LLDP Protocol allow an attacker to cause system instability or potentially read sensitive information from the memory locations. CVE: CVE-2021-20024 Last updated: July 8, 2021, 5:07 p.m...
Buffer Overflow in HTTP Request Header Leads to Partial Memory Leak
A vulnerability in SonicOS causes the HTTP server response to leak partial memory when a crafted unauthenticated HTTP request is sent. This can potentially lead to an internal sensitive data disclosure vulnerability. CVE: CVE-2021-20019 Last updated: Sept. 1, 2021, 10:17 p.m...
SonicOS vulnerability involving improper neutralization of HTTP header resulting in unauthenticated Denial of Service (DoS)
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. SonicWall PSIRT is not aware of any active exploitation of...
SonicWall 802.11 Frame Aggregation and Fragmentation Vulnerabilities (FragAttacks)
Vulnerabilities in IEEE 802.11 implementation were found. These vulnerabilities could allow an attacker to inject malicious frames into legitimate WiFi traffic. The discovered vulnerabilities affect all modern security protocols of WiFi, including the latest WPA3. Successful exploitation of these...
SonicWall NSM On-Prem authenticated command injection vulnerability
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. CVE: CVE-2021-20026 Last updated: May 27, 2021, 2:07 p.m...
SonicWall Email Security Virtual Appliance Static Credential Vulnerability
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance only when the device i...
SonicWall Email Security post-authentication arbitrary file read vulnerability
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. CVE: CVE-2021-20023 Last updated: April 20, 2021, 11:12 a.m...
SonicWall GMS 9.3 unauthenticated remote command execution vulnerability
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. CVE: CVE-2021-20020 Last updated: April 10, 2021, 1:08 a.m...
SonicWall Email Security post-authentication arbitrary file creation vulnerability
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. CVE: CVE-2021-20022 Last updated: April 9, 2021, 10:03 p.m...
SonicWall Email Security pre-authentication administrative account creation vulnerability
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. CVE: CVE-2021-20021 Last updated: April 9, 2021, 5:12 p.m...