cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23007,https://securityvulnerability.io/vulnerability/CVE-2025-23007,Unauthorized Access Vulnerability in NetExtender Windows Client by SonicWall,"A vulnerability in the log export function of SonicWall's NetExtender Windows client permits unauthorized access to sensitive system files on Windows systems. This security flaw could lead to privilege escalation, allowing attackers to manipulate system configurations or access confidential data without proper authorization. Users of the affected versions should apply available security updates to mitigate potential risks.",Sonicwall,Netextender,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T09:44:17.800Z,0
CVE-2025-23006,https://securityvulnerability.io/vulnerability/CVE-2025-23006,Pre-authentication Deserialization Vulnerability in SMA1000 Appliance Management Console by SonicWall,"A vulnerability exists within the SMA1000 Appliance Management Console and Central Management Console that allows for the pre-authentication deserialization of untrusted data. This flaw can potentially let a remote unauthenticated attacker execute arbitrary OS commands under specific conditions, posing a significant security risk to affected systems.",Sonicwall,Sma1000,9.8,CRITICAL,0.013690000399947166,true,2025-01-24T00:00:00.000Z,true,true,true,2025-01-23T10:40:50.000Z,false,true,false,,2025-01-23T11:37:41.148Z,3762
CVE-2024-12802,https://securityvulnerability.io/vulnerability/CVE-2024-12802,MFA Bypass Vulnerability in SonicWALL SSL-VPN Affecting Microsoft Active Directory Integration,"A vulnerability in SonicWALL’s SSL-VPN could allow attackers to bypass Multi-Factor Authentication (MFA) by exploiting inconsistencies in how User Principal Names (UPN) and Security Account Manager (SAM) account names are handled during integration with Microsoft Active Directory. This separation enables attackers to configure MFA independently for different login methods, creating a potential pathway for unauthorized access.",Sonicwall,Sonicos,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T09:08:26.012Z,0
CVE-2024-12806,https://securityvulnerability.io/vulnerability/CVE-2024-12806,Post-Authentication Path Traversal Vulnerability in SonicOS by SonicWall,A post-authentication absolute path traversal vulnerability in SonicOS management enables a remote attacker to exploit the system by accessing arbitrary files. This flaw could lead to unauthorized information disclosure and potentially compromise sensitive data. Users are advised to apply the latest updates to mitigate risks associated with this vulnerability.,Sonicwall,Sonicos,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:28:13.844Z,0
CVE-2024-12805,https://securityvulnerability.io/vulnerability/CVE-2024-12805,Post-Authentication Format String Vulnerability in SonicWall SonicOS,"A format string vulnerability exists in the SonicOS management interface, which is exposed after user authentication. This flaw can be exploited by remote attackers to crash the firewall or potentially execute arbitrary code remotely, posing a significant risk to network security. Users are advised to review the SonicWall advisory and apply necessary mitigation measures to protect their systems.",Sonicwall,Sonicos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:24:12.357Z,0
CVE-2024-12803,https://securityvulnerability.io/vulnerability/CVE-2024-12803,Buffer Overflow Vulnerability in SonicWall's SonicOS Management,"A stack-based buffer overflow vulnerability in the management interface of SonicWall's SonicOS has been identified, which allows remote authenticated attackers to cause a denial of service on the firewall. Exploiting this vulnerability could potentially enable attackers to execute arbitrary code, compromising network security and stability.",Sonicwall,Sonicos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:21:53.799Z,0
CVE-2024-40765,https://securityvulnerability.io/vulnerability/CVE-2024-40765,Integer-based Buffer Overflow Vulnerability in SonicOS by SonicWall,"SonicOS has a vulnerability that stems from an integer-based buffer overflow in the processing of IPSec. This allows remote attackers, under specific circumstances, to send a carefully crafted IKEv2 payload. Exploiting this flaw could lead to a Denial of Service (DoS) situation and potentially allow the execution of arbitrary code. It is essential for users to be aware of this vulnerability and apply any necessary updates provided by SonicWall to safeguard their systems.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:12:40.644Z,0
CVE-2024-53706,https://securityvulnerability.io/vulnerability/CVE-2024-53706,Privilege Escalation Vulnerability in Gen7 SonicOS Cloud Platform by SonicWall,"A vulnerability in the Gen7 SonicOS Cloud platform NSv enables a remote authenticated local attacker with low privileges to escalate their privileges to root. This escalation could allow the attacker to execute arbitrary code, posing significant risks to system security and stability.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:05:11.185Z,0
CVE-2024-53705,https://securityvulnerability.io/vulnerability/CVE-2024-53705,Server-Side Request Forgery in SonicWall SonicOS SSH Management Interface,"A vulnerability in the SonicOS SSH management interface allows remote attackers to exploit Server-Side Request Forgery. This flaw enables an attacker to create a TCP connection to any IP address on any port while a user is logged into the firewall, potentially leading to unauthorized access and further compromise of the network.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T06:58:40.573Z,0
CVE-2024-53704,https://securityvulnerability.io/vulnerability/CVE-2024-53704,Improper Authentication Vulnerability in SSLVPN by SonicWall,"An improper authentication vulnerability exists in the SSLVPN authentication mechanism, allowing malicious actors to bypass authentication processes. This security loophole could enable a remote attacker to gain unauthorized access, presenting a significant risk to sensitive systems and data.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,true,false,true,2025-01-23T15:45:02.000Z,false,false,false,,2025-01-09T06:52:16.771Z,1474
CVE-2024-40762,https://securityvulnerability.io/vulnerability/CVE-2024-40762,Predictable Authentication Bypass in SonicWall SSLVPN Product,"This vulnerability involves the use of a Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the authentication token generator of SonicWall's SSLVPN. In certain scenarios, an attacker can predict the generated tokens, leading to potential authentication bypass. This flaw can compromise user accounts, grant unauthorized access, and expose sensitive data. It is crucial for users to apply the latest security updates to mitigate this issue.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T06:43:25.000Z,0
CVE-2024-53703,https://securityvulnerability.io/vulnerability/CVE-2024-53703,SonicWall SMA100 SSLVPN Firmware Vulnerability Could Lead to Code Execution,A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.,Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:59:35.490Z,0
CVE-2024-53702,https://securityvulnerability.io/vulnerability/CVE-2024-53702,Predictable Pseudo-Random Number Generator Vulnerability in SonicWall SMA100 SSLVPN,"Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.",Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:53:37.282Z,0
CVE-2024-45319,https://securityvulnerability.io/vulnerability/CVE-2024-45319,Certificate Requirement Circumvention Vulnerability in SonicWall SMA100 SSLVPN Firmware,"A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.",Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:50:28.768Z,0
CVE-2024-45318,https://securityvulnerability.io/vulnerability/CVE-2024-45318,Buffer Overflow Vulnerability in SonicWall SMA100 SSLVPN Could Lead to Code Execution,A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.,Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:43:31.716Z,0
CVE-2024-40763,https://securityvulnerability.io/vulnerability/CVE-2024-40763,Heap-based Buffer Overflow Vulnerability in SonicWall SMA100 SSLVPN,Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.,Sonicwall,Sma100,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T13:39:19.644Z,0
CVE-2024-45317,https://securityvulnerability.io/vulnerability/CVE-2024-45317,SSRF Vulnerability in SMA1000 Appliance Firmware Could Lead to Unintended IP Address Requests,"A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.",Sonicwall,Sma1000,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T08:30:23.707Z,0
CVE-2024-45316,https://securityvulnerability.io/vulnerability/CVE-2024-45316,Potential Local Privilege Escalation Vulnerability,"The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.",Sonicwall,Connect Tunnel,,,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-10-11T08:20:57.727Z,0
CVE-2024-45315,https://securityvulnerability.io/vulnerability/CVE-2024-45315,Local DoS Vulnerability in SonicWall Connect Tunnel,"The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack.",Sonicwall,Connect Tunnel,,,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-10-11T08:17:13.448Z,0
CVE-2024-40766,https://securityvulnerability.io/vulnerability/CVE-2024-40766,Improper Access Control Vulnerability Affects Sonicwall Firewalls,"An improper access control issue has been detected in the management access of SonicWall's SonicOS. This vulnerability can allow unauthorized access to various resources within affected SonicWall Firewall devices, potentially leading to significant security risks. In certain scenarios, this vulnerability may also result in the firewall crashing, affecting the overall security posture and functionality of the network environment. The affected devices include generations 5, 6, and 7 of SonicWall Firewalls operating on SonicOS versions 7.0.1-5035 and earlier. Users are urged to review their systems and apply the necessary updates to mitigate associated risks.",Sonicwall,Sonicos,9.8,CRITICAL,0.008190000429749489,true,2024-09-09T00:00:00.000Z,true,true,true,2024-08-30T13:23:38.000Z,,true,true,2024-09-13T01:52:02.518Z,2024-08-23T06:19:07.229Z,6143
CVE-2024-40764,https://securityvulnerability.io/vulnerability/CVE-2024-40764,Unauthenticated DoS Vulnerability in SonicOS IPSec VPN,"A heap-based buffer overflow vulnerability has been identified in the SonicOS IPSec VPN, which can be exploited by unauthenticated remote attackers. The exploitation of this vulnerability could lead to a Denial of Service (DoS), affecting the availability of the service. It is critical for users of this platform to apply the recommended security patches and updates as provided by SonicWall to protect against potential threats. For further details on mitigation strategies, refer to the vendor advisory.",Sonicwall,Sonicos,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-18T07:42:37.995Z,0
CVE-2024-29014,https://securityvulnerability.io/vulnerability/CVE-2024-29014,Attackers Can Execute Arbitrary Code via SonicWall NetExtender Client Update,"The SonicWall NetExtender client update vulnerability (CVE-2024-29014) allows attackers to execute arbitrary code, while the Palo Alto Networks GlobalProtect App vulnerability (CVE-2024-5921) allows for remote code execution and privilege escalation. These vulnerabilities can be exploited to achieve remote code execution. Both vendors have released patches to address these vulnerabilities. While the exploits have not been exploited by ransomware groups, the potential impact of the vulnerabilities is significant, as attackers could install malicious software and compromise systems. The release of NachoVPN, an open-source tool that simulates rogue VPN servers capable of exploiting these and other vulnerabilities, highlights the urgency of addressing these vulnerabilities.",Sonicwall,Netextender,8.8,HIGH,0.0004900000058114529,false,,true,false,false,,,false,false,,2024-07-18T07:37:12.258Z,0
CVE-2024-29013,https://securityvulnerability.io/vulnerability/CVE-2024-29013,SonicOS SSL-VPN Buffer Overflow Vulnerability Leads to Denial of Service,Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.,Sonicwall,Sonicos,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-20T08:14:23.845Z,0
CVE-2024-29012,https://securityvulnerability.io/vulnerability/CVE-2024-29012,SonicOS HTTP Server Buffer Overflow Vulnerability Leads to DoS,"The SonicOS HTTP server is susceptible to a stack-based buffer overflow vulnerability that can be exploited by an authenticated remote attacker. By leveraging this vulnerability, an attacker can utilize the sscanf function to manipulate buffer allocations, ultimately causing a Denial of Service (DoS) condition. This issue highlights the critical nature of secure coding practices and the importance of timely patch management to protect against potential attack vectors.",Sonicwall,Sonicos,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-20T08:11:10.318Z,0
CVE-2024-22398,https://securityvulnerability.io/vulnerability/CVE-2024-22398,Path Traversal Vulnerability Could Lead to File Deletion,An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.,Sonicwall,Email Security,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-14T03:29:03.884Z,0