Latest sonicwall sonicos Vulnerabilities

CVE-2024-22394
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue aff...
SonicWall SonicOS=7.1.1-7040
Sonicwall Nsa 2700
Sonicwall Nsa 3700
Sonicwall Nsa 4700
Sonicwall Nsa 5700
Sonicwall Nsa 6700
and 16 more
CVE-2023-41711
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-41715
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-41713
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-41712
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39279
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39277
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39280
SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39276
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39278
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-0656
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
SonicWall SonicOS<=7.0.1-5111
Sonicwall Nsa 2700
Sonicwall Nsa 3700
Sonicwall Nsa 4700
Sonicwall Nsa 5700
Sonicwall Nsa 6700
and 30 more
CVE-2022-22274
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the fi...
SonicWall SonicOS<=7.0.1-5050
Sonicwall Nsa 2700
Sonicwall Nsa 3700
Sonicwall Nsa 4700
Sonicwall Nsa 5700
Sonicwall Nsa 6700
and 30 more
CVE-2021-20046
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in th...
SonicWall SonicOS<=7.0.1-r146
Sonicwall Nsa 2650
Sonicwall Nsa 2700
Sonicwall Nsa 3650
Sonicwall Nsa 3700
Sonicwall Nsa 4650
and 59 more
CVE-2021-20031
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
SonicWall SonicOS<=7.0.1-r1262
Sonicwall Nsa 2650
Sonicwall Nsa 2700
Sonicwall Nsa 3650
Sonicwall Nsa 3700
Sonicwall Nsa 4650
and 59 more
CVE-2021-20019
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
SonicWall SonicOS>=7.0.0<7.0.0.376
SonicWall SonicOS>=7.0.1<7.0.1-r1036
SonicWall SonicOS=6.0.5.3-94o
SonicWall SonicOS=6.5.1.12-3n
SonicWall SonicOS=6.5.4.7-83n
Sonicwall Sonicosv=6.5.4.4-44v-21-955
CVE-2021-20027
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platf...
SonicWall SonicOS<=7.0.1-r1262
Sonicwall Nsa 2650
Sonicwall Nsa 2700
Sonicwall Nsa 3650
Sonicwall Nsa 3700
Sonicwall Nsa 4650
and 60 more
CVE-2021-3450
OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any v...
rust/openssl-src>=111.11.0<111.15.0
IBM Security Verify Access<=10.0.0
OpenSSL OpenSSL>=1.1.1h<1.1.1k
FreeBSD FreeBSD=12.2
FreeBSD FreeBSD=12.2-p1
FreeBSD FreeBSD=12.2-p2
and 52 more
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it...
rust/openssl-src<111.15.0
debian/openssl
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
OpenSSL OpenSSL>=1.1.1<1.1.1k
and 202 more
CVE-2020-5142
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in th...
SonicWall SonicOS<=5.9.1.13
SonicWall SonicOS>=6.0.0.0<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS>=6.5.4.0<=6.5.4.7
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5143
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS ...
SonicWall SonicOS<=5.9.1.13
SonicWall SonicOS>=6.0.0.0<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS>=6.5.4.0<=6.5.4.7
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5140
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses l...
SonicWall SonicOS<=5.9.1.13
SonicWall SonicOS>=6.0.0.0<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS>=6.5.4.0<=6.5.4.7
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5138
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability aff...
SonicWall SonicOS<=5.9.1.13
SonicWall SonicOS>=6.0.0.0<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS>=6.5.4.0<=6.5.4.7
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5134
A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3,...
SonicWall SonicOS<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5137
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affe...
SonicWall SonicOS<=5.9.1.13
SonicWall SonicOS>=6.0.0.0<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS>=6.5.4.0<=6.5.4.7
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5133
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 versio...
SonicWall SonicOS>=6.0.0.0<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5139
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerabil...
SonicWall SonicOS<=5.9.1.13
SonicWall SonicOS>=6.0.0.0<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS>=6.5.4.0<=6.5.4.7
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5136
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerabili...
SonicWall SonicOS<=5.9.1.13
SonicWall SonicOS>=6.0.0.0<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS>=6.5.4.0<=6.5.4.7
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5135
SonicWall SonicOS Buffer Overflow Vulnerability
SonicWall SonicOS<=6.0.5.3
SonicWall SonicOS>=6.5.0.0<=6.5.1.11
SonicWall SonicOS>=6.5.4.0<=6.5.4.7
SonicWall SonicOS=7.0.0.0
Sonicwall Sonicosv<=6.5.4.4
CVE-2020-5132
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organi...
Sonicwall Sma100 Firmware=10.2.0.2-20sv
Sonicwall Sma100 Firmware=12.4.0-2223
SonicWall SMA100
SonicWall SonicOS=6.5.4.6-79n
CVE-2020-5130
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n a...
SonicWall SonicOS<=6.5.4.4-44n
CVE-2019-7479
A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6...
SonicWall SonicOS<=5.9.1.12-4o
SonicWall SonicOS=6.2.7.4-32n
SonicWall SonicOS=6.2.7.10-3n
SonicWall SonicOS=6.4.1.0-3n
SonicWall SonicOS=6.5.1.4-4n
SonicWall SonicOS=6.5.1.9-4n
and 7 more
CVE-2019-7487
Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent ...
SonicWall SonicOS<=6.5.3.3
Sonicwall Sonicos Sslvpn Nacagent=3.5
Microsoft Windows
CVE-2019-12261
Windriver Vxworks>=6.5<6.9.4.12
Windriver Vxworks=7.0
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
and 65 more
CVE-2019-12260
Windriver Vxworks>=6.5<6.9.4.12
Windriver Vxworks=7.0
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
and 65 more
CVE-2019-12258
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.
Windriver Vxworks>=6.5<6.9.4.12
Windriver Vxworks=7.0
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
and 64 more
CVE-2019-12255
Windriver Vxworks>=6.5<6.9.4
NetApp E-Series SANtricity OS Controller>=8.00<=8.40.50.00
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
and 65 more
CVE-2019-12263
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
Windriver Vxworks>=6.5<6.9.4.12
Windriver Vxworks=7.0
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
and 64 more
CVE-2019-12259
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.
Windriver Vxworks>=6.5<6.9.4.12
Windriver Vxworks=7.0
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
and 64 more
CVE-2019-12265
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership ...
Windriver Vxworks>=6.5<6.9.4.12
Windriver Vxworks=7.0
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
and 64 more
CVE-2019-12256
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.
Windriver Vxworks>=6.5<6.9.4.12
NetApp E-Series SANtricity OS Controller>=8.00<=8.40.50.00
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
and 63 more
CVE-2019-12257
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.
Windriver Vxworks>=6.5<6.9.4
SonicWall SonicOS>=5.9.0.0<=5.9.0.7
SonicWall SonicOS>=5.9.1.0.<=5.9.1.12
SonicWall SonicOS>=6.2.0.0<=6.2.3.1
SonicWall SonicOS>=6.2.4.0<=6.2.4.3
SonicWall SonicOS>=6.2.5.0<=6.2.5.3
and 59 more
CVE-2019-7474
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability...
SonicWall SonicOS<=5.9.1.10
SonicWall SonicOS=6.0.5.3-86o
SonicWall SonicOS=6.2.7.3
SonicWall SonicOS=6.2.7.8
SonicWall SonicOS=6.4.0.0
SonicWall SonicOS=6.5.1.3
and 7 more
CVE-2019-7475
A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected Soni...
SonicWall SonicOS<=5.9.1.10
SonicWall SonicOS=6.0.5.3-86o
SonicWall SonicOS=6.2.7.3
SonicWall SonicOS=6.2.7.8
SonicWall SonicOS=6.4.0.0
SonicWall SonicOS=6.5.1.3
and 7 more
CVE-2018-9867
SonicWall SonicOS>=5.0.0.0<=5.9.1.10
SonicWall SonicOS=6.0.5.3-86o
SonicWall SonicOS=6.2.7.3
SonicWall SonicOS=6.2.7.8
SonicWall SonicOS=6.4.0.0
SonicWall SonicOS=6.5.1.3
and 7 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203