Sonicwall: Security Vulnerabilities
CVE-2024-40766
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Known exploited
CVSS Score
9.8
EPSS Score
0.094
Published
2024-08-23
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
CVSS Score
8.8
EPSS Score
0.01
Published
2024-07-18
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.062
Published
2024-07-18
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CVSS Score
9.0
EPSS Score
0.19
Published
2024-07-09
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
CVSS Score
7.5
EPSS Score
0.025
Published
2024-06-20
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
CVSS Score
6.5
EPSS Score
0.025
Published
2024-06-20
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
CVSS Score
6.3
EPSS Score
0.004
Published
2024-02-24
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.
This issue affects only firmware version SonicOS 7.1.1-7040.
CVSS Score
9.8
EPSS Score
0.006
Published
2024-02-08
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-01-18
CVE-2023-44221
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
Known exploited
CVSS Score
7.2
EPSS Score
0.285
Published
2023-12-05