Sonicos
by SonicWall
CVEs (68)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-40765 | Cri | 0.64 | 9.8 | 0.01 | Jan 9, 2025 | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||
| CVE-2024-40762 | Cri | 0.64 | 9.8 | 0.01 | Jan 9, 2025 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. | ||
| CVE-2024-3596 | Cri | 0.60 | 9.0 | 0.15 | Jul 9, 2024 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. | ||
| CVE-2026-0204 | Hig | 0.52 | 8.0 | 0.00 | Apr 29, 2026 | A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions. | ||
| CVE-2025-32818 | Hig | 0.49 | 7.5 | 0.01 | Apr 23, 2025 | A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. | ||
| CVE-2024-53705 | Hig | 0.49 | 7.5 | 0.01 | Jan 9, 2025 | A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. | ||
| CVE-2024-12805 | Hig | 0.47 | 7.2 | 0.01 | Jan 9, 2025 | A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | ||
| CVE-2024-12803 | Hig | 0.47 | 7.2 | 0.01 | Jan 9, 2025 | A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | ||
| CVE-2026-0205 | Med | 0.44 | 6.8 | 0.00 | Apr 29, 2026 | A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. | ||
| CVE-2024-22396 | Med | 0.35 | 5.3 | 0.01 | Mar 14, 2024 | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||
| CVE-2018-5281 | Med | 0.35 | 5.4 | 0.03 | Jan 8, 2018 | SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. | ||
| CVE-2018-5280 | Med | 0.35 | 5.4 | 0.03 | Jan 8, 2018 | SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | ||
| CVE-2026-0206 | Med | 0.32 | 4.9 | 0.01 | Apr 29, 2026 | A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall. | ||
| CVE-2024-12806 | Med | 0.32 | 4.9 | 0.01 | Jan 9, 2025 | A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. | ||
| CVE-2024-53704 | 0.26 | — | 0.95 | KEV | Jan 9, 2025 | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | ||
| CVE-2024-40766 | 0.18 | — | 0.16 | KEV | Aug 23, 2024 | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices,… | ||
| CVE-2020-5135 | 0.14 | — | 0.27 | KEV | Oct 12, 2020 | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv… | ||
| CVE-2021-20031 | 0.06 | — | 0.13 | Oct 12, 2021 | A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. | |||
| CVE-2022-22274 | 0.04 | — | 0.57 | Mar 25, 2022 | A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. | |||
| CVE-2023-0656 | 0.03 | — | 0.41 | Mar 2, 2023 | A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. |
- risk 0.64cvss 9.8epss 0.01
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
- risk 0.64cvss 9.8epss 0.01
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.
- risk 0.60cvss 9.0epss 0.15
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
- risk 0.52cvss 8.0epss 0.00
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
- risk 0.49cvss 7.5epss 0.01
A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.
- risk 0.49cvss 7.5epss 0.01
A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
- risk 0.47cvss 7.2epss 0.01
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
- risk 0.47cvss 7.2epss 0.01
A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
- risk 0.44cvss 6.8epss 0.00
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
- risk 0.35cvss 5.3epss 0.01
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
- risk 0.35cvss 5.4epss 0.03
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
- risk 0.35cvss 5.4epss 0.03
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.
- risk 0.32cvss 4.9epss 0.01
A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
- risk 0.32cvss 4.9epss 0.01
A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.
- risk 0.26cvss —epss 0.95
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
- risk 0.18cvss —epss 0.16
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices,…
- risk 0.14cvss —epss 0.27
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv…
- CVE-2021-20031Oct 12, 2021risk 0.06cvss —epss 0.13
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
- CVE-2022-22274Mar 25, 2022risk 0.04cvss —epss 0.57
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.
- CVE-2023-0656Mar 2, 2023risk 0.03cvss —epss 0.41
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
Page 1 of 4