VYPR

SMA100 SSLVPN

by SonicWall

CVEs (8)

  • CVE-2023-44221HigKEVDec 5, 2023
    risk 0.65cvss 7.2epss 0.75

    Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

  • CVE-2023-5970HigDec 5, 2023
    risk 0.57cvss 8.8epss 0.01

    Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

  • CVE-2024-53703HigDec 5, 2024
    risk 0.54cvss 8.1epss 0.13

    A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

  • CVE-2024-45318HigDec 5, 2024
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

  • CVE-2024-40763HigDec 5, 2024
    risk 0.49cvss 7.5epss 0.01

    Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

  • CVE-2024-45319MedDec 5, 2024
    risk 0.41cvss 6.3epss 0.00

    A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.

  • CVE-2024-22395MedFeb 24, 2024
    risk 0.41cvss 6.3epss 0.00

    Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

  • CVE-2024-53702MedDec 5, 2024
    risk 0.34cvss 5.3epss 0.00

    Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.