Vulnerabilities > Sonicwall
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2023-04-15 | CVE-2022-47522 | Authentication Bypass by Spoofing vulnerability in multiple products | The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. | 7.5 |
| 2023-03-02 | CVE-2023-0656 | Out-of-bounds Write vulnerability in Sonicwall Sonicos | A stack-based buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | 7.5 |
| 2023-03-02 | CVE-2023-1101 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos | An improper restriction of excessive MFA attempts vulnerability in SonicOS SSLVPN allows an authenticated attacker to use excessive MFA codes. | 8.8 |
| 2023-02-14 | CVE-2023-0655 | Information Exposure Through an Error Message vulnerability in Sonicwall Email Security 10.0.9 | SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users' email addresses. | 5.3 |
| 2023-01-19 | CVE-2023-0126 | Path Traversal vulnerability in Sonicwall Sma1000 Firmware 12.4.2 | A pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2 allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. | 7.5 |
| 2022-10-13 | CVE-2021-20030 | Path Traversal vulnerability in Sonicwall Global Management System | SonicWall GMS is vulnerable to file path manipulation, allowing an unauthenticated attacker to gain access to the web directory containing the application's binaries and configuration files. | 7.5 |
| 2022-06-08 | CVE-2022-1703 | OS Command Injection vulnerability in Sonicwall products | Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands, which potentially leads to remote command execution or a denial of service (DoS) attack. | 9.0 |
| 2022-05-13 | CVE-2022-1701 | Use of Hard-coded Credentials vulnerability in Sonicwall products | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions use a shared and hard-coded encryption key to store data. | 7.5 |
| 2022-05-13 | CVE-2022-1702 | Open Redirect vulnerability in Sonicwall products | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability. | 6.1 |
| 2022-05-13 | CVE-2022-22281 | Classic Buffer Overflow vulnerability in Sonicwall Netextender | A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions allows an attacker to potentially execute arbitrary code in the host Windows operating system. | 7.2 |