Vulnerabilities > Sonicwall > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-20035 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
network
low complexity
sonicwall CWE-78
6.5
2021-04-20 CVE-2021-20023 Path Traversal vulnerability in Sonicwall Email Security and Hosted Email Security
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
network
low complexity
sonicwall CWE-22
4.9
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-03-13 CVE-2021-20018 Improper Authentication vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address.
network
low complexity
sonicwall CWE-287
4.9
2021-01-09 CVE-2020-5147 Unquoted Search Path or Element vulnerability in Sonicwall Netextender
The SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability, which allows a local attacker to gain elevated privileges in the host operating system.
local
low complexity
sonicwall CWE-428
5.3
2020-10-12 CVE-2020-5143 Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses.
network
low complexity
sonicwall CWE-203
5.3
2020-10-12 CVE-2020-5142 Cross-site Scripting vulnerability in Sonicwall Sonicos and Sonicosv
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface.
network
low complexity
sonicwall CWE-79
6.1
2020-10-12 CVE-2020-5141 Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force the Virtual Assist ticket ID in the firewall SSLVPN service.
network
low complexity
sonicwall CWE-307
6.5
2020-10-12 CVE-2020-5136 Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash.
network
low complexity
sonicwall CWE-120
6.5
2020-10-12 CVE-2020-5134 Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv
A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bound invalid file reference, which leads to a firewall crash.
network
low complexity
sonicwall CWE-125
6.5