Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sonicwall vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22398
An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance f...
NA
CVE-2024-22394
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote malicious user to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.
Sonicwall Sonicos 7.1.1-7040
NA
CVE-2023-6340
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and previous versions versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.
Sonicwall Netextender
Sonicwall Capture Client
1 Github repository
NA
CVE-2023-44221
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
Sonicwall Sma 200 Firmware
Sonicwall Sma 210 Firmware
Sonicwall Sma 400 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware
NA
CVE-2023-5970
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated malicious user to create an identical external domain user using accent characters, resulting in an MFA bypass.
Sonicwall Sma 200 Firmware
Sonicwall Sma 210 Firmware
Sonicwall Sma 400 Firmware
Sonicwall Sma 410 Firmware
Sonicwall Sma 500v Firmware
NA
CVE-2023-44219
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and previous versions versions allows a local low-privileged user to gain system privileges through running the recovery feature.
Sonicwall Directory Services Connector
NA
CVE-2023-44220
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and previous versions versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
Sonicwall Netextender
NA
CVE-2023-41711
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
Sonicwall Sonicos
NA
CVE-2023-41712
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
Sonicwall Sonicos
NA
CVE-2023-41713
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
Sonicwall Sonicos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »