SonicWall Vulnerabilities
187 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2021-20041 | — | An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfile | 6.8% | |
| CVE-2023-34132 | — | Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This | 6.5% | |
| CVE-2019-7489 | — | A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability aff | 5.3% | |
| CVE-2018-9866 | CRITICAL | A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual | 4.5% | |
| CVE-2022-1701 | — | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | 4.4% | |
| CVE-2019-7483 | HIGH | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the prese | 4.0% | KEV |
| CVE-2021-20035 | MEDIUM | Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary co | 3.9% | KEV |
| CVE-2021-20020 | — | A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | 3.7% | |
| CVE-2025-32820 | HIGH | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make an | 3.0% | |
| CVE-2021-20042 | — | An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This | 2.7% | |
| CVE-2021-20032 | — | SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which pot | 2.0% | |
| CVE-2021-20048 | — | A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Servic | 1.9% | |
| CVE-2021-20046 | — | A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of S | 1.9% | |
| CVE-2025-40602 | MEDIUM | A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | 1.9% | KEV |
| CVE-2022-22273 | — | Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) p | 1.9% | |
| CVE-2019-7488 | — | Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. T | 1.9% | |
| CVE-2020-5146 | — | A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST paramet | 1.9% | |
| CVE-2024-29014 | HIGH | Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary c | 1.9% | |
| CVE-2021-20017 | — | A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobod | 1.8% | |
| CVE-2020-5138 | — | A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVP | 1.7% | |