cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12802,https://securityvulnerability.io/vulnerability/CVE-2024-12802,MFA Bypass Vulnerability in SonicWALL SSL-VPN Affecting Microsoft Active Directory Integration,"A vulnerability in SonicWALL’s SSL-VPN could allow attackers to bypass Multi-Factor Authentication (MFA) by exploiting inconsistencies in how User Principal Names (UPN) and Security Account Manager (SAM) account names are handled during integration with Microsoft Active Directory. This separation enables attackers to configure MFA independently for different login methods, creating a potential pathway for unauthorized access.",Sonicwall,Sonicos,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T09:08:26.012Z,0
CVE-2024-12806,https://securityvulnerability.io/vulnerability/CVE-2024-12806,Post-Authentication Path Traversal Vulnerability in SonicOS by SonicWall,A post-authentication absolute path traversal vulnerability in SonicOS management enables a remote attacker to exploit the system by accessing arbitrary files. This flaw could lead to unauthorized information disclosure and potentially compromise sensitive data. Users are advised to apply the latest updates to mitigate risks associated with this vulnerability.,Sonicwall,Sonicos,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:28:13.844Z,0
CVE-2024-12805,https://securityvulnerability.io/vulnerability/CVE-2024-12805,Post-Authentication Format String Vulnerability in SonicWall SonicOS,"A format string vulnerability exists in the SonicOS management interface, which is exposed after user authentication. This flaw can be exploited by remote attackers to crash the firewall or potentially execute arbitrary code remotely, posing a significant risk to network security. Users are advised to review the SonicWall advisory and apply necessary mitigation measures to protect their systems.",Sonicwall,Sonicos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:24:12.357Z,0
CVE-2024-12803,https://securityvulnerability.io/vulnerability/CVE-2024-12803,Buffer Overflow Vulnerability in SonicWall's SonicOS Management,"A stack-based buffer overflow vulnerability in the management interface of SonicWall's SonicOS has been identified, which allows remote authenticated attackers to cause a denial of service on the firewall. Exploiting this vulnerability could potentially enable attackers to execute arbitrary code, compromising network security and stability.",Sonicwall,Sonicos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:21:53.799Z,0
CVE-2024-40765,https://securityvulnerability.io/vulnerability/CVE-2024-40765,Integer-based Buffer Overflow Vulnerability in SonicOS by SonicWall,"SonicOS has a vulnerability that stems from an integer-based buffer overflow in the processing of IPSec. This allows remote attackers, under specific circumstances, to send a carefully crafted IKEv2 payload. Exploiting this flaw could lead to a Denial of Service (DoS) situation and potentially allow the execution of arbitrary code. It is essential for users to be aware of this vulnerability and apply any necessary updates provided by SonicWall to safeguard their systems.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:12:40.644Z,0
CVE-2024-53706,https://securityvulnerability.io/vulnerability/CVE-2024-53706,Privilege Escalation Vulnerability in Gen7 SonicOS Cloud Platform by SonicWall,"A vulnerability in the Gen7 SonicOS Cloud platform NSv enables a remote authenticated local attacker with low privileges to escalate their privileges to root. This escalation could allow the attacker to execute arbitrary code, posing significant risks to system security and stability.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T07:05:11.185Z,0
CVE-2024-53705,https://securityvulnerability.io/vulnerability/CVE-2024-53705,Server-Side Request Forgery in SonicWall SonicOS SSH Management Interface,"A vulnerability in the SonicOS SSH management interface allows remote attackers to exploit Server-Side Request Forgery. This flaw enables an attacker to create a TCP connection to any IP address on any port while a user is logged into the firewall, potentially leading to unauthorized access and further compromise of the network.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T06:58:40.573Z,0
CVE-2024-53704,https://securityvulnerability.io/vulnerability/CVE-2024-53704,Improper Authentication Vulnerability in SSLVPN by SonicWall,"An improper authentication vulnerability exists in the SSLVPN authentication mechanism, allowing malicious actors to bypass authentication processes. This security loophole could enable a remote attacker to gain unauthorized access, presenting a significant risk to sensitive systems and data.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,true,false,true,2025-01-23T15:45:02.000Z,false,false,false,,2025-01-09T06:52:16.771Z,1474
CVE-2024-40762,https://securityvulnerability.io/vulnerability/CVE-2024-40762,Predictable Authentication Bypass in SonicWall SSLVPN Product,"This vulnerability involves the use of a Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the authentication token generator of SonicWall's SSLVPN. In certain scenarios, an attacker can predict the generated tokens, leading to potential authentication bypass. This flaw can compromise user accounts, grant unauthorized access, and expose sensitive data. It is crucial for users to apply the latest security updates to mitigate this issue.",Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T06:43:25.000Z,0
CVE-2024-40766,https://securityvulnerability.io/vulnerability/CVE-2024-40766,Improper Access Control Vulnerability Affects Sonicwall Firewalls,"An improper access control issue has been detected in the management access of SonicWall's SonicOS. This vulnerability can allow unauthorized access to various resources within affected SonicWall Firewall devices, potentially leading to significant security risks. In certain scenarios, this vulnerability may also result in the firewall crashing, affecting the overall security posture and functionality of the network environment. The affected devices include generations 5, 6, and 7 of SonicWall Firewalls operating on SonicOS versions 7.0.1-5035 and earlier. Users are urged to review their systems and apply the necessary updates to mitigate associated risks.",Sonicwall,Sonicos,9.8,CRITICAL,0.008190000429749489,true,2024-09-09T00:00:00.000Z,true,true,true,2024-08-30T13:23:38.000Z,,true,true,2024-09-13T01:52:02.518Z,2024-08-23T06:19:07.229Z,6143
CVE-2024-40764,https://securityvulnerability.io/vulnerability/CVE-2024-40764,Unauthenticated DoS Vulnerability in SonicOS IPSec VPN,"A heap-based buffer overflow vulnerability has been identified in the SonicOS IPSec VPN, which can be exploited by unauthenticated remote attackers. The exploitation of this vulnerability could lead to a Denial of Service (DoS), affecting the availability of the service. It is critical for users of this platform to apply the recommended security patches and updates as provided by SonicWall to protect against potential threats. For further details on mitigation strategies, refer to the vendor advisory.",Sonicwall,Sonicos,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-18T07:42:37.995Z,0
CVE-2024-29013,https://securityvulnerability.io/vulnerability/CVE-2024-29013,SonicOS SSL-VPN Buffer Overflow Vulnerability Leads to Denial of Service,Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.,Sonicwall,Sonicos,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-20T08:14:23.845Z,0
CVE-2024-29012,https://securityvulnerability.io/vulnerability/CVE-2024-29012,SonicOS HTTP Server Buffer Overflow Vulnerability Leads to DoS,"The SonicOS HTTP server is susceptible to a stack-based buffer overflow vulnerability that can be exploited by an authenticated remote attacker. By leveraging this vulnerability, an attacker can utilize the sscanf function to manipulate buffer allocations, ultimately causing a Denial of Service (DoS) condition. This issue highlights the critical nature of secure coding practices and the importance of timely patch management to protect against potential attack vectors.",Sonicwall,Sonicos,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-20T08:11:10.318Z,0
CVE-2024-22397,https://securityvulnerability.io/vulnerability/CVE-2024-22397,Arbitrary JavaScript Code Execution Vulnerability in SonicOS SSLVPN Portal,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.,Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-14T03:23:52.971Z,0
CVE-2024-22396,https://securityvulnerability.io/vulnerability/CVE-2024-22396,Integer-based buffer overflow vulnerability allows DoS and arbitrary code execution,An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.,Sonicwall,Sonicos,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-14T03:15:55.008Z,0
CVE-2024-22394,https://securityvulnerability.io/vulnerability/CVE-2024-22394,Improper Authentication Vulnerability Affects SonicWall SSL-VPN,"An improper authentication vulnerability exists within the SSL-VPN feature of SonicWall's SonicOS. When exploited under specific conditions, this vulnerability enables a remote attacker to bypass the authentication mechanism, potentially leading to unauthorized access. This issue is present exclusively in SonicOS firmware version 7.1.1-7040, posing a significant risk to organizations using this version for secure remote access.",SonicWall,SonicOS,9.8,CRITICAL,0.0010499999625608325,false,,false,false,false,,,false,false,,2024-02-08T01:14:33.634Z,0
CVE-2023-39276,https://securityvulnerability.io/vulnerability/CVE-2023-39276,Stack-Based Buffer Overflow in SonicWall Firewall,"A stack-based buffer overflow vulnerability exists in the SonicWall SonicOS, specifically in the getBookmarkList.json URL endpoint. This flaw occurs post-authentication and can lead to a crash of the firewall functionality, potentially disrupting network services. Users are advised to apply the relevant updates to safeguard against potential exploitation.",Sonicwall,Sonicos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-39279,https://securityvulnerability.io/vulnerability/CVE-2023-39279,Stack-Based Buffer Overflow in SonicWall Firewall,"SonicWall's SonicOS is susceptible to a stack-based buffer overflow vulnerability found in the getPacketReplayData.json URL endpoint after user authentication. This flaw can result in a crash of the firewall system, potentially disrupting network security functions and exposing systems to further risks. Users and administrators are encouraged to apply the latest patches and monitor their systems for any unusual activities.",Sonicwall,Sonicos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-41712,https://securityvulnerability.io/vulnerability/CVE-2023-41712,Stack-Based Buffer Overflow in SonicWall's SSL VPN Firewall,"This vulnerability in SonicWall's SSL VPN occurs post-authentication within the plainprefs.exp URL endpoint, allowing an attacker to exploit a stack-based buffer overflow. This can result in a crash of the firewall, potentially leading to service disruption. Users are highly encouraged to apply the latest patches to mitigate the risk associated with this vulnerability.",Sonicwall,Sonicos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-39277,https://securityvulnerability.io/vulnerability/CVE-2023-39277,Stack-Based Buffer Overflow Vulnerability in SonicWall's SonicOS,"A stack-based buffer overflow vulnerability exists in SonicWall's SonicOS, specifically in the sonicflow.csv and appflowsessions.csv URL endpoints. This flaw can be exploited post-authentication, potentially leading to a crash of the firewall, disrupting network security measures and impacting overall system stability. It is essential for users of affected SonicOS versions to apply the recommended fixes to mitigate potential risks.",Sonicwall,Sonicos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-41715,https://securityvulnerability.io/vulnerability/CVE-2023-41715,Improper Privilege Management in SonicWall SonicOS SSL VPN Tunnel,"The vulnerability in SonicWall SonicOS SSL VPN Tunnel allows authenticated users to elevate their privileges, potentially leading to unauthorized access to sensitive data and system functionalities within the secured environment. This flaw raises significant concerns regarding user security and the integrity of access controls in the VPN. Organizations using SonicWall's solutions should assess their systems for this vulnerability and apply best security practices to mitigate potential risks.",SonicWall,SonicOS,8.8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-39280,https://securityvulnerability.io/vulnerability/CVE-2023-39280,Stack-Based Buffer Overflow Vulnerability in SonicWall's SonicOS Firewall,"A stack-based buffer overflow vulnerability has been identified in SonicWall's SonicOS affecting the ssoStats-s.xml and ssoStats-s.wri URL endpoints. Exploitation of this vulnerability can lead to unintended consequences, including the potential crashing of the firewall service, which may disrupt network operations. Users should be aware of this issue to ensure they are protected from possible exploitation.",Sonicwall,Sonicos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-41711,https://securityvulnerability.io/vulnerability/CVE-2023-41711,Stack-Based Buffer Overflow Vulnerability in SonicWall Firewall,"The vulnerability in SonicOS is a stack-based buffer overflow found in the sonicwall.exp and prefs.exp URL endpoints. This issue occurs post-authentication and can lead to a complete crash of the firewall, potentially disrupting services and exposing the network to various security threats. It is essential for users to apply the recommended fixes as outlined in the vendor advisory to mitigate any risks associated with this vulnerability.",Sonicwall,Sonicos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-41713,https://securityvulnerability.io/vulnerability/CVE-2023-41713,SonicWall SonicOS Hard-coded Password Vulnerability in Demo Function,"A security issue has been identified in SonicWall's SonicOS where a hard-coded password is utilized in the 'dynHandleBuyToolbar' demo function. This vulnerability can potentially allow unauthorized access, compromising the security measures intended to protect users and their data. Organizations using affected versions are strongly advised to apply the latest security updates to mitigate associated risks.",Sonicwall,Sonicos,7.5,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0
CVE-2023-39278,https://securityvulnerability.io/vulnerability/CVE-2023-39278,Stack-Based Buffer Overflow in SonicWall SonicOS Firewall,"A stack-based buffer overflow vulnerability in SonicWall SonicOS occurs post-authentication due to improper validation within the main.cgi interface. This flaw may lead to unauthorized access, resulting in the potential crash of the firewall, thus compromising network security. Users are urged to apply patches and updates to mitigate this risk.",Sonicwall,Sonicos,6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-10-17T23:15:00.000Z,0