cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23007,https://securityvulnerability.io/vulnerability/CVE-2025-23007,Unauthorized Access Vulnerability in NetExtender Windows Client by SonicWall,"A vulnerability in the log export function of SonicWall's NetExtender Windows client permits unauthorized access to sensitive system files on Windows systems. This security flaw could lead to privilege escalation, allowing attackers to manipulate system configurations or access confidential data without proper authorization. Users of the affected versions should apply available security updates to mitigate potential risks.",Sonicwall,Netextender,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T09:44:17.800Z,0
CVE-2025-23006,https://securityvulnerability.io/vulnerability/CVE-2025-23006,Pre-authentication Deserialization Vulnerability in SMA1000 Appliance Management Console by SonicWall,"A vulnerability exists within the SMA1000 Appliance Management Console and Central Management Console that allows for the pre-authentication deserialization of untrusted data. This flaw can potentially let a remote unauthenticated attacker execute arbitrary OS commands under specific conditions, posing a significant security risk to affected systems.",Sonicwall,Sma1000,9.8,CRITICAL,0.013690000399947166,true,2025-01-24T00:00:00.000Z,true,true,true,2025-01-23T10:40:50.000Z,false,true,false,,2025-01-23T11:37:41.148Z,3762
CVE-2024-12802,https://securityvulnerability.io/vulnerability/CVE-2024-12802,MFA Bypass Vulnerability in SonicWALL SSL-VPN Affecting Microsoft Active Directory Integration,"A vulnerability in SonicWALL’s SSL-VPN could allow attackers to bypass Multi-Factor Authentication (MFA) by exploiting inconsistencies in how User Principal Names (UPN) and Security Account Manager (SAM) account names are handled during integration with Microsoft Active Directory. This separation enables attackers to configure MFA independently for different login methods, creating a potential pathway for unauthorized access.",Sonicwall,Sonicos,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T09:08:26.012Z,0
CVE-2024-12805,https://securityvulnerability.io/vulnerability/CVE-2024-12805,Post-Authentication Format String Vulnerability in SonicWall SonicOS,"A format string vulnerability exists in the SonicOS management interface, which is exposed after user authentication. This flaw can be exploited by remote attackers to crash the firewall or potentially execute arbitrary code remotely, posing a significant risk to network security. Users are advised to review the SonicWall advisory and apply necessary mitigation measures to protect their systems.",Sonicwall,Sonicos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:24:12.357Z,0
CVE-2024-12803,https://securityvulnerability.io/vulnerability/CVE-2024-12803,Buffer Overflow Vulnerability in SonicWall's SonicOS Management,"A stack-based buffer overflow vulnerability in the management interface of SonicWall's SonicOS has been identified, which allows remote authenticated attackers to cause a denial of service on the firewall. Exploiting this vulnerability could potentially enable attackers to execute arbitrary code, compromising network security and stability.",Sonicwall,Sonicos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:21:53.799Z,0
CVE-2024-40766,https://securityvulnerability.io/vulnerability/CVE-2024-40766,Improper Access Control Vulnerability Affects Sonicwall Firewalls,"An improper access control issue has been detected in the management access of SonicWall's SonicOS. This vulnerability can allow unauthorized access to various resources within affected SonicWall Firewall devices, potentially leading to significant security risks. In certain scenarios, this vulnerability may also result in the firewall crashing, affecting the overall security posture and functionality of the network environment. The affected devices include generations 5, 6, and 7 of SonicWall Firewalls operating on SonicOS versions 7.0.1-5035 and earlier. Users are urged to review their systems and apply the necessary updates to mitigate associated risks.",Sonicwall,Sonicos,9.8,CRITICAL,0.008190000429749489,true,2024-09-09T00:00:00.000Z,true,true,true,2024-08-30T13:23:38.000Z,,true,true,2024-09-13T01:52:02.518Z,2024-08-23T06:19:07.229Z,6143
CVE-2024-40764,https://securityvulnerability.io/vulnerability/CVE-2024-40764,Unauthenticated DoS Vulnerability in SonicOS IPSec VPN,"A heap-based buffer overflow vulnerability has been identified in the SonicOS IPSec VPN, which can be exploited by unauthenticated remote attackers. The exploitation of this vulnerability could lead to a Denial of Service (DoS), affecting the availability of the service. It is critical for users of this platform to apply the recommended security patches and updates as provided by SonicWall to protect against potential threats. For further details on mitigation strategies, refer to the vendor advisory.",Sonicwall,Sonicos,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-18T07:42:37.995Z,0
CVE-2024-29014,https://securityvulnerability.io/vulnerability/CVE-2024-29014,Attackers Can Execute Arbitrary Code via SonicWall NetExtender Client Update,"The SonicWall NetExtender client update vulnerability (CVE-2024-29014) allows attackers to execute arbitrary code, while the Palo Alto Networks GlobalProtect App vulnerability (CVE-2024-5921) allows for remote code execution and privilege escalation. These vulnerabilities can be exploited to achieve remote code execution. Both vendors have released patches to address these vulnerabilities. While the exploits have not been exploited by ransomware groups, the potential impact of the vulnerabilities is significant, as attackers could install malicious software and compromise systems. The release of NachoVPN, an open-source tool that simulates rogue VPN servers capable of exploiting these and other vulnerabilities, highlights the urgency of addressing these vulnerabilities.",Sonicwall,Netextender,8.8,HIGH,0.0004900000058114529,false,,true,false,false,,,false,false,,2024-07-18T07:37:12.258Z,0
CVE-2024-29012,https://securityvulnerability.io/vulnerability/CVE-2024-29012,SonicOS HTTP Server Buffer Overflow Vulnerability Leads to DoS,"The SonicOS HTTP server is susceptible to a stack-based buffer overflow vulnerability that can be exploited by an authenticated remote attacker. By leveraging this vulnerability, an attacker can utilize the sscanf function to manipulate buffer allocations, ultimately causing a Denial of Service (DoS) condition. This issue highlights the critical nature of secure coding practices and the importance of timely patch management to protect against potential attack vectors.",Sonicwall,Sonicos,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-20T08:11:10.318Z,0
CVE-2024-22394,https://securityvulnerability.io/vulnerability/CVE-2024-22394,Improper Authentication Vulnerability Affects SonicWall SSL-VPN,"An improper authentication vulnerability exists within the SSL-VPN feature of SonicWall's SonicOS. When exploited under specific conditions, this vulnerability enables a remote attacker to bypass the authentication mechanism, potentially leading to unauthorized access. This issue is present exclusively in SonicOS firmware version 7.1.1-7040, posing a significant risk to organizations using this version for secure remote access.",SonicWall,SonicOS,9.8,CRITICAL,0.0010499999625608325,false,,false,false,false,,,false,false,,2024-02-08T01:14:33.634Z,0
CVE-2023-5970,https://securityvulnerability.io/vulnerability/CVE-2023-5970,Improper Authentication in SMA100 SSL-VPN by SonicWall,"The SMA100 SSL-VPN's virtual office portal is susceptible to an authentication flaw that allows a remote authenticated attacker to exploit this weakness. By using accented characters, the attacker can create an identical external domain user, leading to a potential bypass of multi-factor authentication (MFA). This vulnerability raises significant concerns regarding user identity protection and network security for affected users.",SonicWall,SMA100,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-12-05T21:15:00.000Z,0
CVE-2023-44221,https://securityvulnerability.io/vulnerability/CVE-2023-44221,OS Command Injection Vulnerability in SMA100 SSL-VPN by SonicWall,"An OS command injection vulnerability exists in the management interface of SonicWall's SMA100 SSL-VPN. This issue arises due to improper handling of special elements, allowing authenticated attackers with administrative privileges to execute arbitrary commands as the 'nobody' user. This can potentially compromise the security of the underlying operating system, enabling access to sensitive information or further system misconfiguration.",Sonicwall,Sma100,7.2,HIGH,0.0014199999859556556,false,,false,false,false,,,false,false,,2023-12-05T21:15:00.000Z,0
CVE-2023-44220,https://securityvulnerability.io/vulnerability/CVE-2023-44220,DLL Search Order Hijacking in SonicWall NetExtender for Windows,"SonicWall NetExtender for Windows versions 10.2.336 and earlier are susceptible to a DLL Search Order Hijacking vulnerability. This issue arises in the start-up DLL component, allowing local attackers to exploit the vulnerability to execute arbitrary commands on the affected system, potentially compromising system integrity and data security.",Sonicwall,Netextender,7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-27T08:15:00.000Z,0
CVE-2023-44219,https://securityvulnerability.io/vulnerability/CVE-2023-44219,Local Privilege Escalation Vulnerability in SonicWall Directory Services Connector,"A local privilege escalation vulnerability exists in SonicWall Directory Services Connector Windows MSI client versions 4.1.21 and earlier. This flaw allows a low-privileged local user to execute the recovery feature, potentially granting them escalated system privileges. Mitigating this vulnerability is crucial to maintain the integrity and security of affected systems. Users are encouraged to review their installations and update to secure versions.",Sonicwall,Directory Services Connector,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-27T08:15:00.000Z,0
CVE-2023-41715,https://securityvulnerability.io/vulnerability/CVE-2023-41715,Improper Privilege Management in SonicWall SonicOS SSL VPN Tunnel,"The vulnerability in SonicWall SonicOS SSL VPN Tunnel allows authenticated users to elevate their privileges, potentially leading to unauthorized access to sensitive data and system functionalities within the secured environment. This flaw raises significant concerns regarding user security and the integrity of access controls in the VPN. Organizations using SonicWall's solutions should assess their systems for this vulnerability and apply best security practices to mitigate potential risks.",SonicWall,SonicOS,8.8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-41713,https://securityvulnerability.io/vulnerability/CVE-2023-41713,SonicWall SonicOS Hard-coded Password Vulnerability in Demo Function,"A security issue has been identified in SonicWall's SonicOS where a hard-coded password is utilized in the 'dynHandleBuyToolbar' demo function. This vulnerability can potentially allow unauthorized access, compromising the security measures intended to protect users and their data. Organizations using affected versions are strongly advised to apply the latest security updates to mitigate associated risks.",Sonicwall,Sonicos,7.5,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-44217,https://securityvulnerability.io/vulnerability/CVE-2023-44217,Local Privilege Escalation Vulnerability in SonicWall Net Extender for Windows,"A vulnerability exists in SonicWall Net Extender MSI client for Windows that enables a local low-privileged user to escalate their privileges to system level. This is achieved by exploiting the repair functionality in affected versions, specifically versions 10.2.336 and earlier. As this vulnerability could allow unauthorized users to gain heightened access on the system, it's critical to address it promptly to protect sensitive information and system integrity.",Sonicwall,Netextender,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-03T08:15:00.000Z,0
CVE-2023-44218,https://securityvulnerability.io/vulnerability/CVE-2023-44218,Local Privilege Escalation Vulnerability in SonicWall NetExtender,"A vulnerability in the SonicWall NetExtender Pre-Logon feature allows unauthorized users to gain access to the underlying Windows operating system with SYSTEM level privileges. This flaw can lead to local privilege escalation, potentially enabling malicious activities by unauthorized users. Organizations using affected versions of NetExtender should take prompt action to mitigate this risk as detailed in the vendor's advisory.",Sonicwall,Netextender,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-03T08:15:00.000Z,0
CVE-2023-34136,https://securityvulnerability.io/vulnerability/CVE-2023-34136,File Upload Vulnerability in SonicWall GMS and Analytics,"A vulnerability exists in SonicWall GMS and Analytics, enabling an unauthenticated attacker to upload files to directories not controlled by the attacker. This could lead to potential exploitation, as the attacker may gain unauthorized access to sensitive information or cause disruption within the affected systems. The issue impacts GMS versions 9.3.2-SP1 and earlier, as well as Analytics versions 2.5.0.4-R7 and earlier, necessitating immediate attention and patching to mitigate risks.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.0022100000642240047,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34132,https://securityvulnerability.io/vulnerability/CVE-2023-34132,Authentication Vulnerability in SonicWall GMS and Analytics Products,"An authentication vulnerability exists in SonicWall GMS and Analytics, where the use of password hashes instead of plain passwords for authentication exposes the system to Pass-the-Hash attacks. This flaw can be exploited by attackers to gain unauthorized access to accounts and sensitive data, compromising the integrity of the affected systems. Businesses using GMS versions prior to 9.3.2-SP1 and Analytics versions prior to 2.5.0.4-R7 are particularly at risk and should take immediate action to remediate this vulnerability.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.001930000027641654,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34133,https://securityvulnerability.io/vulnerability/CVE-2023-34133,SQL Injection Vulnerability in SonicWall GMS and Analytics,"An SQL Injection vulnerability in SonicWall GMS and Analytics allows unauthenticated attackers to access sensitive information from the application's database. This issue exposes critical data in GMS versions 9.3.2-SP1 and earlier, as well as Analytics versions 2.5.0.4-R7 and earlier, presenting a significant security risk for users without immediate remediation.",SonicWall,"GMS,Analytics",7.5,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34137,https://securityvulnerability.io/vulnerability/CVE-2023-34137,Authentication Bypass in SonicWall GMS and Analytics CAS Web Services,"The SonicWall GMS and Analytics CAS Web Services applications contain an authentication bypass vulnerability due to the use of static values for authentication without proper validation. This flaw can allow unauthorized users to gain access to sensitive functionalities, compromising the security of the affected products. Users are urged to upgrade to the latest versions to mitigate this risk and enhance their system defenses.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.0022100000642240047,false,,false,false,false,,,false,false,,2023-07-13T03:15:00.000Z,0
CVE-2023-34130,https://securityvulnerability.io/vulnerability/CVE-2023-34130,Outdated Encryption in SonicWall GMS and Analytics Exposes Sensitive Data,"SonicWall GMS and Analytics are impacted by a vulnerability stemming from the use of the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key. This flaw puts sensitive data at risk, as the encryption method employed is inadequate and allows for potential exposure by malicious actors. Users of GMS versions 9.3.2-SP1 and earlier, along with Analytics versions 2.5.0.4-R7 and prior, should take immediate action to mitigate this security risk.",Sonicwall,"Gms,Analytics",9.8,CRITICAL,0.001500000013038516,false,,false,false,false,,,false,false,,2023-07-13T02:15:00.000Z,0
CVE-2023-34129,https://securityvulnerability.io/vulnerability/CVE-2023-34129,Path Traversal Vulnerability in SonicWall GMS and Analytics,"A vulnerability exists in SonicWall GMS and Analytics due to insufficient restrictions on pathname access, enabling an authenticated remote attacker to exploit this weakness using a 'Zip Slip' technique. This flaw enables the extraction of arbitrary files to any location on the underlying filesystem, potentially granting root privileges. The issue impacts specific versions of both GMS and Analytics, highlighting the critical need for users to review and mitigate this risk.",Sonicwall,"Gms,Analytics",8.8,HIGH,0.005009999964386225,false,,false,false,false,,,false,false,,2023-07-13T02:15:00.000Z,0
CVE-2023-34126,https://securityvulnerability.io/vulnerability/CVE-2023-34126,File Upload Vulnerability in SonicWall GMS and Analytics Products,"A vulnerability in SonicWall's GMS and Analytics products enables an authenticated attacker to upload arbitrary files to the underlying filesystem with root privileges. This creates significant security risks, as the attacker could leverage these permissions to conduct further malicious activities. The affected versions of GMS include 9.3.2-SP1 and earlier, while the impacted Analytics versions are 2.5.0.4-R7 and earlier. Organizations using these platforms should apply the necessary updates and mitigations to safeguard their systems.",Sonicwall,"Gms,Analytics",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-07-13T01:15:00.000Z,0