Sonicwall

Sonicos

71 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-53705

  • EPSS 0.06%
  • Veröffentlicht 09.01.2025 07:15:27
  • Zuletzt bearbeitet 09.01.2025 15:15:18

A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

9.8

CVE-2024-40762

  • EPSS 0.14%
  • Veröffentlicht 09.01.2025 07:15:26
  • Zuletzt bearbeitet 09.01.2025 15:15:15

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

9.8

CVE-2024-40766

Warnung Medienbericht
  • EPSS 9.31%
  • Veröffentlicht 23.08.2024 07:15:03
  • Zuletzt bearbeitet 31.10.2025 15:56:26

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firew...

7.5

CVE-2024-40764

  • EPSS 6.41%
  • Veröffentlicht 18.07.2024 08:15:02
  • Zuletzt bearbeitet 21.11.2024 09:31:34

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

9

CVE-2024-3596

Medienbericht
  • EPSS 25.32%
  • Veröffentlicht 09.07.2024 12:15:20
  • Zuletzt bearbeitet 04.11.2025 18:16:31

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Respon...

6.5

CVE-2024-29013

  • EPSS 1.34%
  • Veröffentlicht 20.06.2024 09:15:11
  • Zuletzt bearbeitet 25.03.2025 17:15:53

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.

7.5

CVE-2024-29012

  • EPSS 2.25%
  • Veröffentlicht 20.06.2024 09:15:11
  • Zuletzt bearbeitet 25.03.2025 17:15:53

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

8.3

CVE-2024-22397

  • EPSS 0.2%
  • Veröffentlicht 14.03.2024 04:15:09
  • Zuletzt bearbeitet 27.03.2025 17:15:54

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.

5.3

CVE-2024-22396

  • EPSS 1.22%
  • Veröffentlicht 14.03.2024 04:15:09
  • Zuletzt bearbeitet 21.11.2024 08:56:11

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

9.8

CVE-2024-22394

  • EPSS 0.86%
  • Veröffentlicht 08.02.2024 02:15:07
  • Zuletzt bearbeitet 21.11.2024 08:56:11

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.