Vulnerabilities > Sonicwall

DATE CVE VULNERABILITY TITLE RISK
2021-10-12 CVE-2021-20031 Open Redirect vulnerability in Sonicwall Sonicos
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
network
sonicwall CWE-601
5.8
2021-09-27 CVE-2021-20034 Improper Privilege Management vulnerability in Sonicwall products
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
network
low complexity
sonicwall CWE-269
6.4
2021-09-27 CVE-2021-20035 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
network
low complexity
sonicwall CWE-78
6.8
2021-09-21 CVE-2021-20037 Incorrect Default Permissions vulnerability in Sonicwall Global VPN Client 4.10.4.0314
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system.
local
low complexity
sonicwall CWE-276
7.2
2021-08-04 CVE-2021-20028 SQL Injection vulnerability in Sonicwall products
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier.
network
low complexity
sonicwall CWE-89
7.5
2021-07-09 CVE-2021-20024 Out-of-bounds Read vulnerability in Sonicwall Switch
Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations.
low complexity
sonicwall CWE-125
6.8
2021-06-23 CVE-2021-20019 Information Exposure vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
network
low complexity
sonicwall CWE-200
5.0
2021-06-14 CVE-2021-20027 Classic Buffer Overflow vulnerability in Sonicwall Sonicos
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request.
network
low complexity
sonicwall CWE-120
5.0
2021-05-27 CVE-2021-20026 OS Command Injection vulnerability in Sonicwall Network Security Manager 2.2.0
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request.
network
low complexity
sonicwall CWE-78
critical
9.0
2021-05-13 CVE-2021-20025 Use of Hard-coded Credentials vulnerability in Sonicwall Email Security Virtual Appliance
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup.
6.9