Sonicwall

Sma100 Firmware

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2024-53703

  • EPSS 0.38%
  • Published 05.12.2024 14:15:22
  • Last modified 05.12.2024 15:15:11

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

8.1

CVE-2024-45318

  • EPSS 0.61%
  • Published 05.12.2024 14:15:21
  • Last modified 05.12.2024 17:15:11

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

5.3

CVE-2024-53702

  • EPSS 0.09%
  • Published 05.12.2024 14:15:21
  • Last modified 05.12.2024 16:15:26

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

7.5

CVE-2024-40763

  • EPSS 0.27%
  • Published 05.12.2024 14:15:20
  • Last modified 05.12.2024 17:15:11

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

5.9

CVE-2021-3449

  • EPSS 13.18%
  • Published 25.03.2021 15:15:13
  • Last modified 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

7.4

CVE-2021-3450

  • EPSS 0.69%
  • Published 25.03.2021 15:15:13
  • Last modified 21.11.2024 06:21:33

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...

9

CVE-2021-20017

  • EPSS 2.07%
  • Published 13.03.2021 02:15:12
  • Last modified 21.11.2024 05:45:47

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

4.9

CVE-2021-20018

  • EPSS 0.09%
  • Published 13.03.2021 02:15:12
  • Last modified 21.11.2024 05:45:47

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

5.3

CVE-2020-5132

  • EPSS 0.17%
  • Published 30.09.2020 06:15:12
  • Last modified 21.11.2024 05:33:36

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN auth...