Vulnerabilities > Sonicwall > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-23 | CVE-2024-40766 | Unspecified vulnerability in Sonicwall Sonicos An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. | 9.8 |
| 2024-07-09 | CVE-2024-3596 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | 9.0 |
| 2024-02-08 | CVE-2024-22394 | Improper Authentication vulnerability in Sonicwall Sonicos 7.1.17040 An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | 9.8 |
| 2023-07-13 | CVE-2023-34132 | Unspecified vulnerability in Sonicwall Analytics and Global Management System Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. | 9.8 |
| 2023-07-13 | CVE-2023-34136 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. | 9.8 |
| 2023-07-13 | CVE-2023-34137 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. | 9.8 |
| 2023-07-13 | CVE-2023-34130 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. | 9.8 |
| 2023-07-13 | CVE-2023-34124 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. | 9.8 |
| 2023-07-13 | CVE-2023-34128 | Insufficiently Protected Credentials vulnerability in Sonicwall Analytics and Global Management System Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. | 9.8 |
| 2022-07-29 | CVE-2022-22280 | SQL Injection vulnerability in Sonicwall Analytics and Global Management System Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. | 9.8 |