Vulnerabilities > Sonicwall

DATE CVE VULNERABILITY TITLE RISK
2024-08-23 CVE-2024-40766 Unspecified vulnerability in Sonicwall Sonicos
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash.
network
low complexity
sonicwall
critical
9.8
2024-07-18 CVE-2024-29014 Unspecified vulnerability in Sonicwall Netextender
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
network
low complexity
sonicwall
8.8
2024-07-18 CVE-2024-40764 Out-of-bounds Write vulnerability in Sonicwall Sonicos
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
network
low complexity
sonicwall CWE-787
7.5
2024-06-20 CVE-2024-29012 Out-of-bounds Write vulnerability in Sonicwall Sonicos
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
network
low complexity
sonicwall CWE-787
7.5
2024-06-20 CVE-2024-29013 Out-of-bounds Write vulnerability in Sonicwall Sonicos
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
network
low complexity
sonicwall CWE-787
6.5
2024-02-24 CVE-2024-22395 Unspecified vulnerability in Sonicwall products
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
network
low complexity
sonicwall
6.3
2024-02-08 CVE-2024-22394 Improper Authentication vulnerability in Sonicwall Sonicos 7.1.17040
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.
network
low complexity
sonicwall CWE-287
critical
9.8
2024-01-18 CVE-2023-6340 Out-of-bounds Write vulnerability in Sonicwall Capture Client and Netextender
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver.
local
low complexity
sonicwall CWE-787
5.5
2023-12-05 CVE-2023-44221 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
network
low complexity
sonicwall CWE-78
7.2
2023-12-05 CVE-2023-5970 Improper Authentication vulnerability in Sonicwall products
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
network
low complexity
sonicwall CWE-287
8.8