Sonicos Security Vulnerabilities and Issues — Sonicos CVE List

Lucene search

SonicwallSonicos

11 matches found

CVE•added 2024/07/09 12:15 p.m.•4336 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

9CVSS6.4AI score0.0084EPSS

CVE•added 2020/10/12 11:15 a.m.•1445 views

CVE-2020-5135

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 versio...

9.8CVSS9.7AI score0.32754EPSS

CVE•added 2024/08/23 7:15 a.m.•340 views

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 dev...

9.8CVSS6.7AI score0.18328EPSS

CVE•added 2019/08/09 8:15 p.m.•273 views

CVE-2019-12255

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.

9.8CVSS9.3AI score0.82379EPSS

CVE•added 2022/03/25 11:15 p.m.•255 views

CVE-2022-22274

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

9.8CVSS9.8AI score0.38648EPSS

CVE•added 2019/08/09 9:15 p.m.•252 views

CVE-2019-12261

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.

9.8CVSS9.2AI score0.17176EPSS

CVE•added 2019/08/09 9:15 p.m.•207 views

CVE-2019-12260

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

9.8CVSS9.3AI score0.26195EPSS

CVE•added 2025/01/09 7:15 a.m.•197 views

CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

9.8CVSS7.3AI score0.93819EPSS

CVE•added 2019/08/09 6:15 p.m.•134 views

CVE-2019-12256

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

9.8CVSS9.5AI score0.17708EPSS

CVE•added 2024/02/08 2:15 a.m.•93 views

CVE-2024-22394

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.

9.8CVSS9.4AI score0.00863EPSS

CVE•added 2019/04/02 6:30 p.m.•42 views

CVE-2019-7475

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, ...

9.8CVSS9.2AI score0.00205EPSS