Sonicwall

Sonicos

70 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-40762

  • EPSS 0.12%
  • Published 09.01.2025 07:15:26
  • Last modified 09.01.2025 15:15:15

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

9.8

CVE-2024-40766

Warning Media report
  • EPSS 10%
  • Published 23.08.2024 07:15:03
  • Last modified 16.09.2024 19:48:30

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firew...

7.5

CVE-2024-40764

  • EPSS 10.16%
  • Published 18.07.2024 08:15:02
  • Last modified 21.11.2024 09:31:34

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

9

CVE-2024-3596

Media report
  • EPSS 24.61%
  • Published 09.07.2024 12:15:20
  • Last modified 04.09.2025 21:15:32

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Respon...

6.5

CVE-2024-29013

  • EPSS 2.28%
  • Published 20.06.2024 09:15:11
  • Last modified 25.03.2025 17:15:53

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.

7.5

CVE-2024-29012

  • EPSS 2.25%
  • Published 20.06.2024 09:15:11
  • Last modified 25.03.2025 17:15:53

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

8.3

CVE-2024-22397

  • EPSS 0.3%
  • Published 14.03.2024 04:15:09
  • Last modified 27.03.2025 17:15:54

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.

5.3

CVE-2024-22396

  • EPSS 1.59%
  • Published 14.03.2024 04:15:09
  • Last modified 21.11.2024 08:56:11

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

9.8

CVE-2024-22394

  • EPSS 0.71%
  • Published 08.02.2024 02:15:07
  • Last modified 21.11.2024 08:56:11

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.

8.8

CVE-2023-41715

  • EPSS 0.34%
  • Published 17.10.2023 23:15:12
  • Last modified 02.05.2025 19:15:55

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.