Vulnerabilities > Sonicwall > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-23 | CVE-2024-40766 | Unspecified vulnerability in Sonicwall Sonicos An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. | 9.8 |
| 2024-02-08 | CVE-2024-22394 | Improper Authentication vulnerability in Sonicwall Sonicos 7.1.17040 An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | 9.8 |
| 2023-07-13 | CVE-2023-34132 | Unspecified vulnerability in Sonicwall Analytics and Global Management System Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. | 9.8 |
| 2023-07-13 | CVE-2023-34136 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. | 9.8 |
| 2023-07-13 | CVE-2023-34137 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. | 9.8 |
| 2023-07-13 | CVE-2023-34130 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. | 9.8 |
| 2023-07-13 | CVE-2023-34124 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. | 9.8 |
| 2023-07-13 | CVE-2023-34128 | Insufficiently Protected Credentials vulnerability in Sonicwall Analytics and Global Management System Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. | 9.8 |
| 2022-06-08 | CVE-2022-1703 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | 9.0 |
| 2022-05-13 | CVE-2022-22282 | Unspecified vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | 9.8 |