SonicWall SMA100 post-authentication configuration export to a specified email address
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20018 Last updated: March 13, 2021, 1:19 a.m...
SonicWall SMA100 post-authenticated remote command injection
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20017 Last updated: March 13, 2021, 1:04 a.m...
SonicWall SSO-Agent NetAPI Vulnerability allows an attacker to force SSO Agent authentication, potentially leading to firewall access control bypass
SonicWall SSO-agent default configuration uses Microsoft NetAPI to probe the associated IPs in the network. This client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate, allowing an attacker to bypa...
Confirmed Zero-day vulnerability in the SonicWall SMA100 build version 10.x
A vulnerability resulting in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product allows remote exploitation for credential access by an unauthenticated attacker. This vulnerability impacts SMA100 build version 10.x. CVE: CVE-2021-20016 Last updated: Feb. 3, 2021, 9:11 p.m...
SonicWall NetExtender Windows client unquoted service path vulnerability
The SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability, which allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 10.2.300 and earlier. CVE: CVE-2020-5147 Last...
SonicWall SSLVPN SMA100 authenticated command injection vulnerability
A vulnerability in the SonicWall SMA100 appliance allows an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 build version 10.2.0.2-20sv and earlier. CVE: CVE-2020-5146 Last updated: Jan. 9, 2021, 12:18 a.m...
Amnesia 33 vulnerabilities
Amnesia 33 vulnerabilities impact four open source TCP/IP stacks (uIP, FNET, picoTCP and Nut/Net), libraries which are used in millions of smart IoT and embedded devices. These four open source TCP/IP stack libraries are not used in the SonicWall firewall products. CVE: N/A Last updated: Jan. 6,...
NAT Slipstreaming (CVE-2020-28041)
SonicWall Firewalls are not vulnerable to the NAT Slipstreaming attack. The SonicWall Firewall does not open an alternative port set in the SIP packet header, which results in an invalid connection, and packets are dropped. CVE: CVE-2020-28041 Last updated: Dec. 15, 2020, 9:41 p.m...
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system. CVE: CVE-2020-5145 Last updated: Oct. 28, 2020, 9:39 a.m...
SonicWall Global VPN client version 4.10.4.0314 and earlier allows privilege elevation through loaded process hijacking vulnerability
SonicWall Global VPN client version 4.10.4.0314 and earlier allows an unprivileged Windows user to elevate privileges to SYSTEM through a loaded process hijacking vulnerability. CVE: CVE-2020-5144 Last updated: Oct. 28, 2020, 9:31 a.m...
A vulnerability in the SonicWall Capture Security Center was allowing access to the managed firewall without authentication
A vulnerability in the SonicWall Capture Security Center - Cloud Security Management Service was allowing users to access managed firewalls without authentication. This issue has been resolved and a security patch has been pushed out to all affected Capture Security Center - Management and...
SonicOS SSLVPN login page administrator username enumeration vulnerability
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, and SonicOSv 6.5.4.v...
SonicOS SSLVPN Stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen ...
SonicOS SSLVPN allows unauthenticated attacker to brute force Virtual Assist ticket ID
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5141 Last...
SonicOS SSLVPN service unauthenticated malicious HTTP request leads to memory addresses leak
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to a memory address leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,...
SonicOS SSLVPN service unauthenticated release of Invalid pointer to cause Denial of Service (DoS) vulnerability and leads to firewall crash
A vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of an invalid pointer, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...
SonicOS SSLVPN unauthenticated Heap Overflow vulnerability allows a remote attacker to cause Denial of Service (DoS)
A heap overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to a SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, and SonicO...
SonicOS SSLVPN unauthenticated buffer overflow leads to firewall crash
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicO...
SonicOS SSLVPN and Virtual assist service authenticated buffer overflow leads to firewall crash
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...
Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow and potentially execute arbitrary code
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE:...
SonicOS out-of-bound invalid file reference leads to firewall crash
A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bound invalid file reference, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5134 Last updated: Oct. 20, 2020, 9 a.m...
Unauthenticated Denial of Service (DoS) vulnerability in the SonicOS due to buffer overflow leads to firewall crash
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v. CVE: CVE-2020-5133 Last updated: Oct. 20, 2020, 8:56 a....
SonicWall SSL-VPN Products security misconfiguration leads to possible domain name collision vulnerability
The SonicWall SSL-VPN products' web interface has the option to publicly display an organization’s internal domain names in the Domain drop-down menu. An attacker with knowledge of an organization’s internal domain name can potentially take advantage of a DNS flaw known as domain name collision. A...
Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API
An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate an API parameter and gain access to the user group of the tenant of any other mysonicwall user account. CVE: N/A...
SonicOS SSLVPN External Service Interaction (DNS) Vulnerability
A SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier. CVE: CVE-2020-5130 Last updated: July 16, 2020, 9:26 a.m...
SonicWall NetExtender arbitrary file write vulnerability
The SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. CVE: CVE-2020-5131 Last updated: July 16, 2020, 9:01 a.m...
SonicWall SMA1000 HTTP Extraweb server Denial of Service vulnerability
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause an HTTP server crash, which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. CVE: CVE-2020-5129 Last updated: March 25, 2020, 8 p.m...
Kr00k WiFi Vulnerability
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...
Global Management System (GMS) Unauthorized User SQL Injection
A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. CVE: CVE-2019-7478 Last updated: Dec. 30, 2019, 8 p.m...
SonicOS and SonicOSv Read-only Admin Can Elevate to Config Mode
A vulnerability in SonicOS allows an authenticated read-only admin to elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n a...
Email Security Weak Default Credential
A weak default password in the SonicWall Email Security appliance allows an attacker to gain access to the appliance database. This vulnerability affected Email Security Appliance up to 10.0.2, 9.2.3 and earlier. CVE: CVE-2019-7488 Last updated: Dec. 23, 2019, 8 p.m...
Email Security Unauthenticated Remote Code Execution
A vulnerability in the SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. CVE: CVE-2019-7489 Last updated: Dec. 23, 2019, 8 p.m...
SonicOS SSLVPN NACAgent 3.5 Windows binary is vulnerable to Unquoted Service Path Privilege Escalation vulnerability
When the SonicOS SSLVPN NACagent 3.5 is installed on the Windows operating system, the autorun value that is created does not put the path in quotes, so a malicious binary placed by an attacker within the parent path could allow code execution. CVE: CVE-2019-7487 Last updated: Dec. 18, 2019, 10:11 p.m...
SonicWall SMA100 Authenticated Code injection
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. CVE: CVE-2019-7486 Last updated: March 6, 2020, 5:42 a.m...
SonicWall SMA100 Authenticated Buffer Overflow
Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7485 Last updated: March 6, 2020, 4:42 a.m...
SonicWall SMA100 Authenticated SQL injection
Authenticated SQL Injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7484 Last updated: March 6, 2020, 4:42 a.m...
SonicWall SMA100 Pre-authentication directory traversal
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. CVE: CVE-2019-7483 Last updated: March 6, 2020, 4:42 a.m...
SonicWall SMA100 Pre-authentication stack buffer overflow
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7482 Last updated: March 6, 2020, 4:42 a.m...
SonicWall SMA100 Pre-Authentication SQL Injection
A vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. CVE: CVE-2019-7481 Last updated: March 6, 2020, 4:42 a.m...
Several pre-auth vulnerabilities in enterprise SSL VPN
Critical vulnerabilities in enterprise virtual private network (VPN) solutions from Palo Alto Networks, Fortinet and Pulse Secure allow attackers to infiltrate corporate networks, obtain sensitive information, and eavesdrop on communications, researchers warn. SonicWall products are not vulnerable t...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
Multiple VPN applications insecurely store session cookies
Research by the Software Engineering Institute of Carnegie Mellon University shows that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CVE: CVE-2019-1573 CVE-2016-8201 Last updated: April 12, 2019, 8:17 p.m...
SonicWall Global Management System (GMS) Deprecated SSH keys Vulnerability
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. CVE: CVE-2019-7476 Last updated: April 26, 2019, 11 a.m...
SonicOS Unprivileged User Access ARS
A vulnerability in SonicOS on a management-enabled system in a specific configuration allows an unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...
SonicOS & SonicOSv CBC Cipher TLS Padding Vulnerability
A vulnerability in the SonicOS and SonicOSv TLS CBC cipher allows remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8,...
SonicOS Download Certificate in Admin GUI Could Cause System Instability
A vulnerability in SonicOS allows an authenticated read-only admin to leave the firewall in an unstable state by downloading a certificate with a specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0,...
Administrators without full permissions can download imported certificates
In SonicWall SonicOS, administrators without full permissions can download imported certificates. This occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Ge...
libssh Authentication Bypass Vulnerability
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE: CVE-2018-10933 Last updated: Oct. 19, 2018, midnight...