Latest Sonicwall Vulnerabilities

CVE-2023-40057
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23477
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23476
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23478
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23479
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-22394
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue aff...
SonicWall SonicOS=7.1.1-7040
Sonicwall Nsa 2700
Sonicwall Nsa 3700
Sonicwall Nsa 4700
Sonicwall Nsa 5700
Sonicwall Nsa 6700
and 16 more
CVE-2023-6340
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Ser...
SonicWall Capture Client<=3.7.10
SonicWall NetExtender Windows<=10.2.337
CVE-2023-5970
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypa...
Sonicwall Sma 200 Firmware<=10.2.1.9-57sv
Sonicwall Sma 200
Sonicwall Sma 210 Firmware<=10.2.1.9-57sv
Sonicwall Sma 210
Sonicwall Sma 400 Firmware<=10.2.1.9-57sv
Sonicwall Sma 400
and 4 more
CVE-2023-44221
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' u...
Sonicwall Sma 200 Firmware<=10.2.1.9-57sv
Sonicwall Sma 200
Sonicwall Sma 210 Firmware<=10.2.1.9-57sv
Sonicwall Sma 210
Sonicwall Sma 400 Firmware<=10.2.1.9-57sv
Sonicwall Sma 400
and 4 more
CVE-2023-44220
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a loca...
SonicWall NetExtender Windows<=10.2.336
CVE-2023-44219
SonicWall Directory Services Connector<4.1.22
Microsoft Windows
CVE-2023-41711
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-41713
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-41712
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-41715
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39279
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39277
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39278
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39280
SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-39276
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
SonicWall SonicOS<7.0.1-5145
Sonicwall Nsa2700
Sonicwall Nsa3700
Sonicwall Nsa4700
Sonicwall Nsa5700
Sonicwall Nsa6700
and 57 more
CVE-2023-44218
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege...
SonicWall NetExtender Windows<=10.2.336
CVE-2023-44217
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running ...
SonicWall NetExtender Windows<=10.2.336
CVE-2023-34134
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This i...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34137
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 an...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34136
Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier vers...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34133
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information fr...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34131
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3....
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34132
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34135
Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3....
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34129
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extrac...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34130
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 a...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34124
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34127
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary co...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34128
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34126
Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions;...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34125
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and ea...
SonicWall Analytics<=2.5.0.4-r7
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
CVE-2023-34123
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System<9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2
SonicWALL Global Management System=9.3.2-sp1
SonicWALL Global Management System=9.3.2-sp1
and 2 more
CVE-2022-47522
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save fra...
Ieee Ieee 802.11
Sonicwall Tz670 Firmware
Sonicwall Tz670
Sonicwall Tz570 Firmware
Sonicwall Tz570
Sonicwall Tz570p Firmware
and 53 more
CVE-2023-0656
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
SonicWall SonicOS<=7.0.1-5111
Sonicwall Nsa 2700
Sonicwall Nsa 3700
Sonicwall Nsa 4700
Sonicwall Nsa 5700
Sonicwall Nsa 6700
and 30 more
CVE-2023-0655
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.
SonicWall Email Security<=10.0.19.7431
CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.
SonicWALL Global Management System<9.3.2
CVE-2022-2915
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execut...
Sonicwall Sma 200 Firmware<=10.2.1.5-34sv
Sonicwall Sma 200
Sonicwall Sma 210 Firmware<=10.2.1.5-34sv
Sonicwall Sma 210
Sonicwall Sma 400 Firmware<=10.2.1.5-34sv
Sonicwall Sma 400
and 4 more
CVE-2022-22280
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and...
SonicWall Analytics<=2.5.0.3-2520
SonicWALL Global Management System<9.3.1
SonicWALL Global Management System=9.3.1
CVE-2022-2324
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and...
SonicWall Email Security<=10.0.17.7319
CVE-2022-2323
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch...
Sonicwall Sws12-10fpoe Firmware<1.2.0.0-3
Sonicwall Sws12-10fpoe
Sonicwall Sws12-8 Firmware<1.2.0.0-3
Sonicwall Sws12-8
Sonicwall Sws12-8poe Firmware<1.2.0.0-3
Sonicwall Sws12-8poe
and 8 more
CVE-2022-1703
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote c...
Sonicwall Sma 210 Firmware<=10.2.1.4-31sv
Sonicwall Sma 210
Sonicwall Sma 410 Firmware<=10.2.1.4-31sv
Sonicwall Sma 410
Sonicwall Sma 500v Firmware<=10.2.1.4-31sv
Sonicwall Sma 500v
and 3 more
CVE-2022-22281
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the ho...
SonicWall NetExtender Windows<=10.2.322
CVE-2022-22282
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Cont...
Sonicwall Sma 6200 Firmware=12.4.0
Sonicwall Sma 6200 Firmware=12.4.1
Sonicwall Sma 6200
Sonicwall Sma 6210 Firmware=12.4.0
Sonicwall Sma 6210 Firmware=12.4.1
Sonicwall Sma 6210
and 9 more
CVE-2022-1701
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.
Sonicwall Sma 6200 Firmware=12.4.0
Sonicwall Sma 6200 Firmware=12.4.1
Sonicwall Sma 6200
Sonicwall Sma 6210 Firmware=12.4.0
Sonicwall Sma 6210 Firmware=12.4.1
Sonicwall Sma 6210
and 9 more
CVE-2022-1702
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Ope...
Sonicwall Sma 6200 Firmware=12.4.0
Sonicwall Sma 6200 Firmware=12.4.1
Sonicwall Sma 6200
Sonicwall Sma 6210 Firmware=12.4.0
Sonicwall Sma 6210 Firmware=12.4.1
Sonicwall Sma 6210
and 9 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203