Sonicos

sonicos

Vendor: Sonicwall • 68 CVEs

CVEs (68)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-0206 1Sonicwall 1Sonicos May 5, 2026 Apr 29, 2026 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0205 1Sonicwall 1Sonicos May 5, 2026 Apr 29, 2026 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
CVE-2026-0204 1Sonicwall 1Sonicos May 5, 2026 Apr 29, 2026 N/A· v4 8.0 HIGH· v3 N/A· v2 A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
CVE-2026-3439 1Sonicwall 1Sonicos Mar 5, 2026 Mar 4, 2026 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.
CVE-2026-0402 1Sonicwall 1Sonicos Feb 26, 2026 Feb 24, 2026 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0401 1Sonicwall 1Sonicos Feb 26, 2026 Feb 24, 2026 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0400 1Sonicwall 1Sonicos Feb 26, 2026 Feb 24, 2026 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0399 1Sonicwall 1Sonicos Feb 26, 2026 Feb 24, 2026 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.
CVE-2025-40601 1Sonicwall 1Sonicos Dec 12, 2025 Nov 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
CVE-2025-40600 1Sonicwall 1Sonicos Aug 11, 2025 Jul 29, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.
CVE-2024-53704 1Sonicwall 1Sonicos Oct 31, 2025 Jan 9, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVE-2024-40766 1Sonicwall 1Sonicos Oct 31, 2025 Aug 23, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This...Show more An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.Show less
CVE-2024-40764 1Sonicwall 1Sonicos Nov 21, 2024 Jul 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
CVE-2024-3596 3Broadcom FreeradiusSonicwall 4Brocade Sannav Fabric Operating SystemFreeradius+1 more May 12, 2026 Jul 9, 2024 N/A· v4 9.0 CRITICAL· v3 N/A· v2 RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix colli...Show more RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.Show less
CVE-2024-29013 1Sonicwall 1Sonicos Mar 25, 2025 Jun 20, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
CVE-2024-29012 1Sonicwall 1Sonicos Mar 25, 2025 Jun 20, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
CVE-2024-22394 1Sonicwall 1Sonicos Nov 21, 2024 Feb 8, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware v...Show more An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. Show less
CVE-2023-41715 1Sonicwall 1Sonicos May 2, 2025 Oct 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
CVE-2023-41713 1Sonicwall 1Sonicos Nov 21, 2024 Oct 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
CVE-2023-41712 1Sonicwall 1Sonicos Nov 21, 2024 Oct 17, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.

12 3 4 Next