Sonicwall

Sonicos

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-40762

  • EPSS 0.12%
  • Veröffentlicht 09.01.2025 07:15:26
  • Zuletzt bearbeitet 09.01.2025 15:15:15

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

9.8

CVE-2024-40766

Warnung Medienbericht
  • EPSS 10%
  • Veröffentlicht 23.08.2024 07:15:03
  • Zuletzt bearbeitet 16.09.2024 19:48:30

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firew...

7.5

CVE-2024-40764

  • EPSS 10.16%
  • Veröffentlicht 18.07.2024 08:15:02
  • Zuletzt bearbeitet 21.11.2024 09:31:34

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

9

CVE-2024-3596

Medienbericht
  • EPSS 24.61%
  • Veröffentlicht 09.07.2024 12:15:20
  • Zuletzt bearbeitet 04.09.2025 21:15:32

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Respon...

6.5

CVE-2024-29013

  • EPSS 2.28%
  • Veröffentlicht 20.06.2024 09:15:11
  • Zuletzt bearbeitet 25.03.2025 17:15:53

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.

7.5

CVE-2024-29012

  • EPSS 2.25%
  • Veröffentlicht 20.06.2024 09:15:11
  • Zuletzt bearbeitet 25.03.2025 17:15:53

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

8.3

CVE-2024-22397

  • EPSS 0.3%
  • Veröffentlicht 14.03.2024 04:15:09
  • Zuletzt bearbeitet 27.03.2025 17:15:54

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.

5.3

CVE-2024-22396

  • EPSS 1.59%
  • Veröffentlicht 14.03.2024 04:15:09
  • Zuletzt bearbeitet 21.11.2024 08:56:11

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

9.8

CVE-2024-22394

  • EPSS 0.71%
  • Veröffentlicht 08.02.2024 02:15:07
  • Zuletzt bearbeitet 21.11.2024 08:56:11

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.

8.8

CVE-2023-41715

  • EPSS 0.34%
  • Veröffentlicht 17.10.2023 23:15:12
  • Zuletzt bearbeitet 02.05.2025 19:15:55

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.