Vulnerabilities > Sonicwall > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-23 | CVE-2024-40766 | Unspecified vulnerability in Sonicwall Sonicos An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. | 9.8 |
| 2024-02-08 | CVE-2024-22394 | Improper Authentication vulnerability in Sonicwall Sonicos 7.1.17040 An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | 9.8 |
| 2023-07-13 | CVE-2023-34132 | Unspecified vulnerability in Sonicwall Analytics and Global Management System Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. | 9.8 |
| 2023-07-13 | CVE-2023-34136 | Unrestricted Upload of File with Dangerous Type vulnerability in Sonicwall Analytics and Global Management System Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. | 9.8 |
| 2023-07-13 | CVE-2023-34137 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. | 9.8 |
| 2023-07-13 | CVE-2023-34130 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sonicwall Analytics and Global Management System SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. | 9.8 |
| 2023-07-13 | CVE-2023-34124 | Improper Authentication vulnerability in Sonicwall Analytics and Global Management System The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. | 9.8 |
| 2023-07-13 | CVE-2023-34128 | Insufficiently Protected Credentials vulnerability in Sonicwall Analytics and Global Management System Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. | 9.8 |
| 2022-07-29 | CVE-2022-22280 | SQL Injection vulnerability in Sonicwall Analytics and Global Management System Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. | 9.8 |
| 2022-05-13 | CVE-2022-22282 | Unspecified vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | 9.8 |