Vulnerabilities > Sonicwall

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-34129 Path Traversal vulnerability in Sonicwall Analytics and Global Management System
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files, using the Zip Slip method, to any location on the underlying filesystem with root privileges.
network
low complexity
sonicwall CWE-22
8.8
2023-07-13 CVE-2023-34130 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Analytics and Global Management System
SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data.
network
low complexity
sonicwall CWE-327
critical
9.8
2023-07-13 CVE-2023-34124 Improper Authentication vulnerability in Sonicwall Analytics and Global Management System
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.
network
low complexity
sonicwall CWE-287
critical
9.8
2023-07-13 CVE-2023-34125 Path Traversal vulnerability in Sonicwall Analytics and Global Management System
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges.
network
low complexity
sonicwall CWE-22
6.5
2023-07-13 CVE-2023-34126 Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System
Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges.
network
low complexity
sonicwall CWE-434
8.8
2023-07-13 CVE-2023-34127 OS Command Injection vulnerability in Sonicwall Analytics and Global Management System
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS and SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges.
network
low complexity
sonicwall CWE-78
8.8
2023-07-13 CVE-2023-34128 Insufficiently Protected Credentials vulnerability in Sonicwall Analytics and Global Management System
Tomcat application credentials are hardcoded in the SonicWall GMS and Analytics configuration file.
network
low complexity
sonicwall CWE-522
critical
9.8
2023-07-13 CVE-2023-34123 Use of Hard-coded Credentials vulnerability in Sonicwall Analytics and Global Management System
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS and SonicWall Analytics.
network
low complexity
sonicwall CWE-798
7.5
2023-04-15 CVE-2022-47522 Authentication Bypass by Spoofing vulnerability in multiple products
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context.
high complexity
ieee sonicwall CWE-290
7.5
2023-03-02 CVE-2023-0656 Out-of-bounds Write vulnerability in Sonicwall Sonicos
A stack-based buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
network
low complexity
sonicwall CWE-787
7.5