SMA100
by SonicWall
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5970 | 0.00 | — | 0.01 | Dec 5, 2023 | Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. | |||
| CVE-2022-2915 | 0.00 | — | 0.01 | Aug 26, 2022 | A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. | |||
| CVE-2022-1703 | 0.00 | — | 0.04 | Jun 3, 2022 | Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | |||
| CVE-2021-20018 | 0.00 | — | 0.00 | Mar 13, 2021 | A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | |||
| CVE-2021-20017 | 0.00 | — | 0.03 | Mar 13, 2021 | A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | |||
| CVE-2020-5146 | 0.00 | — | 0.02 | Jan 9, 2021 | A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier. | |||
| CVE-2020-5132 | 0.00 | — | 0.00 | Sep 30, 2020 | SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. | |||
| CVE-2020-5129 | 0.00 | — | 0.01 | Mar 26, 2020 | A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. | |||
| CVE-2019-7486 | 0.00 | — | 0.01 | Dec 19, 2019 | Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier. | |||
| CVE-2019-7484 | 0.00 | — | 0.00 | Dec 19, 2019 | Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. | |||
| CVE-2019-7485 | 0.00 | — | 0.01 | Dec 19, 2019 | Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. |
- CVE-2023-5970Dec 5, 2023risk 0.00cvss —epss 0.01
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
- CVE-2022-2915Aug 26, 2022risk 0.00cvss —epss 0.01
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.
- CVE-2022-1703Jun 3, 2022risk 0.00cvss —epss 0.04
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
- CVE-2021-20018Mar 13, 2021risk 0.00cvss —epss 0.00
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
- CVE-2021-20017Mar 13, 2021risk 0.00cvss —epss 0.03
A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
- CVE-2020-5146Jan 9, 2021risk 0.00cvss —epss 0.02
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.
- CVE-2020-5132Sep 30, 2020risk 0.00cvss —epss 0.00
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.
- CVE-2020-5129Mar 26, 2020risk 0.00cvss —epss 0.01
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.
- CVE-2019-7486Dec 19, 2019risk 0.00cvss —epss 0.01
Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.
- CVE-2019-7484Dec 19, 2019risk 0.00cvss —epss 0.00
Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
- CVE-2019-7485Dec 19, 2019risk 0.00cvss —epss 0.01
Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
Page 2 of 2