Filtered by vendor Sonicwall
Subscribe
Total
149 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20017 | 1 Sonicwall | 2 Sma100, Sma100 Firmware | 2021-03-19 | 9.0 HIGH | 8.8 HIGH |
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | |||||
CVE-2020-5148 | 1 Sonicwall | 1 Directory Services Connector | 2021-03-15 | 6.4 MEDIUM | 8.2 HIGH |
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | |||||
CVE-2021-20016 | 1 Sonicwall | 11 Sma 100, Sma 100 Firmware, Sma 200 and 8 more | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. | |||||
CVE-2020-5146 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2021-01-14 | 9.0 HIGH | 7.2 HIGH |
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier. | |||||
CVE-2020-5144 | 1 Sonicwall | 1 Global Vpn Client | 2020-11-03 | 6.9 MEDIUM | 7.8 HIGH |
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. | |||||
CVE-2020-5145 | 1 Sonicwall | 1 Global Vpn Client | 2020-10-30 | 6.9 MEDIUM | 8.6 HIGH |
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system. | |||||
CVE-2020-5133 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-5134 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-5136 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 4.0 MEDIUM | 6.5 MEDIUM |
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-5137 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 5.0 MEDIUM | 7.5 HIGH |
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-5139 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5140 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5141 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 6.4 MEDIUM | 6.5 MEDIUM |
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5142 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-5143 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-22 | 5.0 MEDIUM | 5.3 MEDIUM |
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2019-7479 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-09 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | |||||
CVE-2020-5132 | 1 Sonicwall | 3 Sma100, Sma100 Firmware, Sonicos | 2020-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. | |||||
CVE-2019-7475 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | |||||
CVE-2019-7474 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2020-10-06 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V). | |||||
CVE-2015-4173 | 1 Sonicwall | 1 Netextender | 2020-08-05 | 6.9 MEDIUM | N/A |
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. |