Sonicwall Security Vulnerabilities
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
7.5CVSS
7.6AI Score
0.002EPSS
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.
7.5CVSS
7.7AI Score
0.002EPSS
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
6.1CVSS
6.1AI Score
0.017EPSS
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier.
9.8CVSS
9.6AI Score
0.005EPSS
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
9.1CVSS
9.2AI Score
0.701EPSS
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
6.5CVSS
6.4AI Score
0.002EPSS
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
7.8CVSS
7.9AI Score
0.0004EPSS
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware ...
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
7.5CVSS
8.5AI Score
0.002EPSS
An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
7.5CVSS
8.5AI Score
0.003EPSS
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
9.8CVSS
9.4AI Score
0.004EPSS
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
8.8CVSS
9.2AI Score
0.002EPSS
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
8.8CVSS
9.2AI Score
0.002EPSS
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
9.8CVSS
9.7AI Score
0.004EPSS
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
8.8CVSS
8.6AI Score
0.004EPSS
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.
7.8CVSS
7.8AI Score
0.001EPSS
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
8.8CVSS
8.7AI Score
0.004EPSS
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
7.5CVSS
7.6AI Score
0.002EPSS
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
7.5CVSS
7.9AI Score
0.002EPSS
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
7.8CVSS
7.5AI Score
0.001EPSS
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
7.8CVSS
7.9AI Score
0.002EPSS
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...
5.9CVSS
6.5AI Score
0.005EPSS
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...
7.4CVSS
7.4AI Score
0.002EPSS
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message ...
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context L...
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page c...
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.
7.5CVSS
7.9AI Score
0.001EPSS
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.
6.1CVSS
6.8AI Score
0.001EPSS
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
8.8CVSS
8.3AI Score
0.002EPSS
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlie...
9.8CVSS
9.6AI Score
0.001EPSS
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.
9.8CVSS
9.8AI Score
0.004EPSS
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.
5.3CVSS
5.1AI Score
0.001EPSS
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.
5.3CVSS
5.2AI Score
0.001EPSS
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack
7.5CVSS
7.3AI Score
0.001EPSS
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Acces...
4.9CVSS
5.3AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
9.8CVSS
9.8AI Score
0.001EPSS
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.
7.8CVSS
7.9AI Score
0.001EPSS
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.
9.8CVSS
9.3AI Score
0.002EPSS
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions
8.8CVSS
8.8AI Score
0.002EPSS
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions
7.5CVSS
7.5AI Score
0.001EPSS
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.
8.8CVSS
8.5AI Score
0.002EPSS
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication ...
7.5CVSS
6.5AI Score
0.001EPSS
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.
7.5CVSS
7.5AI Score
0.279EPSS
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.
5.3CVSS
5.2AI Score
0.001EPSS
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
7.5CVSS
8.1AI Score
0.002EPSS
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.
8.8CVSS
8.4AI Score
0.001EPSS