SonicOS
by SonicWall
CVEs (68)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-40764 | 0.01 | — | 0.01 | Jul 18, 2024 | Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). |
| CVE-2026-3439 | 0.00 | — | 0.00 | Mar 4, 2026 | A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. |
| CVE-2026-0402 | 0.00 | — | 0.00 | Feb 24, 2026 | A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. |
| CVE-2026-0401 | 0.00 | — | 0.00 | Feb 24, 2026 | A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. |
| CVE-2026-0400 | 0.00 | — | 0.00 | Feb 24, 2026 | A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. |
| CVE-2026-0399 | 0.00 | — | 0.00 | Feb 24, 2026 | Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in an API endpoint. |
| CVE-2025-40601 | 0.00 | — | 0.01 | Nov 20, 2025 | A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. |
| CVE-2025-40600 | 0.00 | — | 0.01 | Jul 29, 2025 | Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. |
| CVE-2024-29013 | 0.00 | — | 0.01 | Jun 20, 2024 | Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. |
| CVE-2024-29012 | 0.00 | — | 0.01 | Jun 20, 2024 | Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. |
| CVE-2024-22394 | 0.00 | — | 0.01 | Feb 8, 2024 | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. |
| CVE-2023-41715 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. |
| CVE-2023-41713 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. |
| CVE-2023-41712 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. |
| CVE-2023-41711 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash. |
| CVE-2023-39280 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash. |
| CVE-2023-39279 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash. |
| CVE-2023-39278 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash. |
| CVE-2023-39277 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash. |
| CVE-2023-39276 | 0.00 | — | 0.01 | Oct 17, 2023 | SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash. |