Vulnerabilities > Sonicwall > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-18 CVE-2024-29014 Unspecified vulnerability in Sonicwall Netextender
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
network
low complexity
sonicwall
8.8
2024-07-18 CVE-2024-40764 Out-of-bounds Write vulnerability in Sonicwall Sonicos
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
network
low complexity
sonicwall CWE-787
7.5
2024-06-20 CVE-2024-29012 Out-of-bounds Write vulnerability in Sonicwall Sonicos
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
network
low complexity
sonicwall CWE-787
7.5
2023-12-05 CVE-2023-44221 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
network
low complexity
sonicwall CWE-78
7.2
2023-12-05 CVE-2023-5970 Improper Authentication vulnerability in Sonicwall products
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
network
low complexity
sonicwall CWE-287
8.8
2023-10-27 CVE-2023-44219 Improper Privilege Management vulnerability in Sonicwall Directory Services Connector
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.
local
low complexity
sonicwall CWE-269
7.8
2023-10-27 CVE-2023-44220 Uncontrolled Search Path Element vulnerability in Sonicwall Netextender
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component.
local
low complexity
sonicwall CWE-427
7.3
2023-10-17 CVE-2023-41713 Use of Hard-coded Credentials vulnerability in Sonicwall Sonicos
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
network
low complexity
sonicwall CWE-798
7.5
2023-10-17 CVE-2023-41715 Improper Privilege Management vulnerability in Sonicwall Sonicos
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
network
low complexity
sonicwall CWE-269
8.8
2023-10-03 CVE-2023-44217 Unspecified vulnerability in Sonicwall Netextender
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.
local
low complexity
sonicwall
7.8