Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-17 | CVE-2023-41715 | Improper Privilege Management vulnerability in Sonicwall Sonicos SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | 8.8 |
| 2023-10-03 | CVE-2023-44217 | Unspecified vulnerability in Sonicwall Netextender A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. | 7.8 |
| 2023-10-03 | CVE-2023-44218 | Unspecified vulnerability in Sonicwall Netextender A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. | 7.8 |
| 2023-07-13 | CVE-2023-34131 | Unspecified vulnerability in Sonicwall Analytics and Global Management System Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. | 5.3 |
| 2023-07-13 | CVE-2023-34132 | Unspecified vulnerability in Sonicwall Analytics and Global Management System Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. | 9.8 |
| 2023-07-13 | CVE-2023-34133 | SQL Injection vulnerability in Sonicwall Analytics and Global Management System Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. | 7.5 |
| 2023-07-13 | CVE-2023-34134 | Unspecified vulnerability in Sonicwall Analytics and Global Management System Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. | 6.5 |
| 2023-07-13 | CVE-2023-34135 | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. | 6.5 |
| 2023-07-13 | CVE-2023-34136 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. | 9.8 |
| 2023-07-13 | CVE-2023-34137 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. | 9.8 |