Sonicos Security Vulnerabilities and Issues — Sonicos CVE List

Lucene search

SonicwallSonicos

11 matches found

CVE•added 2021/03/25 3:15 p.m.•749 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15517EPSS

CVE•added 2019/08/09 7:15 p.m.•146 views

CVE-2019-12265

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.

5.3CVSS7AI score0.16528EPSS

CVE•added 2022/04/27 5:15 p.m.•67 views

CVE-2022-22276

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.

5.3CVSS5.1AI score0.00164EPSS

CVE•added 2022/04/27 5:15 p.m.•66 views

CVE-2022-22277

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.

5.3CVSS5.2AI score0.00164EPSS

CVE•added 2020/09/30 6:15 a.m.•62 views

CVE-2020-5132

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of in...

5.3CVSS5.3AI score0.0014EPSS

CVE•added 2024/03/14 4:15 a.m.•62 views

CVE-2024-22396

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

5.3CVSS8.1AI score0.01586EPSS

CVE•added 2020/10/12 11:15 a.m.•60 views

CVE-2020-5143

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen...

5.3CVSS5.3AI score0.00265EPSS

CVE•added 2018/01/08 9:29 a.m.•49 views

CVE-2018-5281

SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.

5.4CVSS5.3AI score0.00301EPSS

CVE•added 2018/01/08 9:29 a.m.•41 views

CVE-2018-5280

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

5.4CVSS5.2AI score0.00302EPSS

CVE•added 2019/02/19 9:29 p.m.•29 views

CVE-2018-9867

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen ...

5.5CVSS5.4AI score0.00022EPSS

CVE•added 2020/07/17 6:15 p.m.•28 views

CVE-2020-5130

SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier.

5.3CVSS5.4AI score0.00293EPSS