VYPR

SonicOS

by SonicWall

CVEs (68)

  • CVE-2024-40765 | Critical | Jan 9, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

  • CVE-2024-40762 | Critical | Jan 9, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

  • CVE-2024-3596 | Critical | Jul 9, 2024
    risk 0.60 | cvss 9.0 | epss 0.15

    RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

  • CVE-2026-0204 | High | Apr 29, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

  • CVE-2025-32818 | High | Apr 23, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

  • CVE-2024-53705 | High | Jan 9, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

  • CVE-2024-12805 | High | Jan 9, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

  • CVE-2024-12803 | High | Jan 9, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

  • CVE-2026-0205 | Medium | Apr 29, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

  • CVE-2024-22396 | Medium | Mar 14, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

  • CVE-2018-5281 | Medium | Jan 8, 2018
    risk 0.35 | cvss 5.4 | epss 0.03

    SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.

  • CVE-2018-5280 | Medium | Jan 8, 2018
    risk 0.35 | cvss 5.4 | epss 0.03

    SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

  • CVE-2026-0206 | Medium | Apr 29, 2026
    risk 0.32 | cvss 4.9 | epss 0.01

    A post-authentication stack-based buffer overflow vulnerability in SonicOS allows a remote attacker to crash a firewall.

  • CVE-2024-12806 | Medium | Jan 9, 2025
    risk 0.32 | cvss 4.9 | epss 0.01

    A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

  • CVE-2024-53704 | KEV | Jan 9, 2025
    risk 0.26 | cvss | epss 0.95

    An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

  • CVE-2024-40766 | KEV | Aug 23, 2024
    risk 0.18 | cvss | epss 0.16

    An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices,…

  • CVE-2020-5135 | KEV | Oct 12, 2020
    risk 0.14 | cvss | epss 0.27

    A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv…

  • CVE-2021-20031 | Oct 12, 2021
    risk 0.06 | cvss | epss 0.13

    A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

  • CVE-2022-22274 | Mar 25, 2022
    risk 0.04 | cvss | epss 0.57

    A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

  • CVE-2023-0656 | Mar 2, 2023
    risk 0.03 | cvss | epss 0.41

    A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Page 1 of 4