Vulnerabilities > Sonicwall
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-34130 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. | 9.8 |
| 2023-07-13 | CVE-2023-34124 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. | 9.8 |
| 2023-07-13 | CVE-2023-34125 | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. | 6.5 |
| 2023-07-13 | CVE-2023-34126 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. | 8.8 |
| 2023-07-13 | CVE-2023-34127 | OS Command Injection vulnerability in Sonicwall Analytics and Global Management System Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. | 8.8 |
| 2023-07-13 | CVE-2023-34128 | Insufficiently Protected Credentials vulnerability in Sonicwall Analytics and Global Management System Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. | 9.8 |
| 2023-07-13 | CVE-2023-34123 | Use of Hard-coded Credentials vulnerability in Sonicwall Analytics and Global Management System Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. | 7.5 |
| 2023-04-15 | CVE-2022-47522 | Authentication Bypass by Spoofing vulnerability in multiple products The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. | 7.5 |
| 2023-03-02 | CVE-2023-0656 | Out-of-bounds Write vulnerability in Sonicwall Sonicos A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | 7.5 |
| 2023-03-02 | CVE-2023-1101 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. | 8.8 |