Vulnerabilities > Sonicwall

DATE CVE VULNERABILITY TITLE RISK
2022-06-08 CVE-2022-1703 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
network
low complexity
sonicwall CWE-78
critical
9.0
2022-05-13 CVE-2022-1701 Use of Hard-coded Credentials vulnerability in Sonicwall products
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.
network
low complexity
sonicwall CWE-798
5.0
2022-05-13 CVE-2022-1702 Open Redirect vulnerability in Sonicwall products
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.
network
sonicwall CWE-601
5.8
2022-05-13 CVE-2022-22281 Classic Buffer Overflow vulnerability in Sonicwall Netextender
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.
local
low complexity
sonicwall CWE-120
7.2
2022-05-13 CVE-2022-22282 Missing Authorization vulnerability in Sonicwall products
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.
network
low complexity
sonicwall CWE-862
7.5
2022-05-04 CVE-2021-20051 Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314/4.10.6
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components.
6.9
2022-04-27 CVE-2022-22275 Unspecified vulnerability in Sonicwall Sonicos 7.0.0.0/7.0.1.0
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.
network
low complexity
sonicwall
5.0
2022-04-27 CVE-2022-22276 Information Exposure vulnerability in Sonicwall products
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.
network
low complexity
sonicwall CWE-200
5.0
2022-04-27 CVE-2022-22277 Information Exposure vulnerability in Sonicwall products
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.
network
low complexity
sonicwall CWE-200
5.0
2022-04-27 CVE-2022-22278 Allocation of Resources Without Limits or Throttling vulnerability in Sonicwall products
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack
network
low complexity
sonicwall CWE-770
5.0