VYPR

SonicOS

by SonicWall

CVEs (68)

  • CVE-2023-1101 · Mar 2, 2023
    risk 0.00 · cvss · epss 0.01

    SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

  • CVE-2022-22278 · Apr 27, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in SonicOS CFS (Content Filtering Service) returns a large 403 Forbidden HTTP response message to the source address when users try to access a prohibited resource; this allows an attacker to cause an HTTP Denial of Service (DoS) attack.

  • CVE-2022-22277 · Apr 27, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the SonicOS SNMP service results in exposure of Wireless Access Point sensitive information in cleartext.

  • CVE-2022-22276 · Apr 27, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the SonicOS SNMP service results in exposure of sensitive information to an unauthorized user.

  • CVE-2022-22275 · Apr 27, 2022
    risk 0.00 · cvss · epss 0.01

    Improper restriction of the TCP communication channel in HTTP/S inbound traffic from WAN to DMZ bypasses security policy until the TCP handshake, potentially resulting in a Denial of Service (DoS) attack if a target host is vulnerable.

  • CVE-2021-20048 · Jan 7, 2022
    risk 0.00 · cvss · epss 0.02

    A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware…

  • CVE-2021-20046 · Jan 7, 2022
    risk 0.00 · cvss · epss 0.02

    A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware…

  • CVE-2021-20019 · Jun 23, 2021
    risk 0.00 · cvss · epss 0.01

    A vulnerability in SonicOS where the HTTP server response leaks partial memory when a crafted HTTP request is sent; this can potentially lead to an internal sensitive data disclosure vulnerability.

  • CVE-2021-20027 · Jun 14, 2021
    risk 0.00 · cvss · epss 0.01

    A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.

  • CVE-2020-5143 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.02

    SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3,…

  • CVE-2020-5142 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.01

    A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version…

  • CVE-2020-5141 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7…

  • CVE-2020-5140 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to a memory address leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6…

  • CVE-2020-5138 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.02

    A heap overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to a SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,…

  • CVE-2020-5139 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of an invalid pointer, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,…

  • CVE-2020-5137 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.02

    A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,…

  • CVE-2020-5136 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.01

    A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,…

  • CVE-2020-5134 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bound invalid file reference, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

  • CVE-2020-5133 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.02

    A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

  • CVE-2020-5132 · Sep 30, 2020
    risk 0.00 · cvss · epss 0.01

    A misconfiguration of SonicWall SSL-VPN products and the SonicWall firewall SSL-VPN feature leads to a possible DNS flaw known as a domain name collision vulnerability. When users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an…