MidnightBSD

Advisories for sonicwall

CVE-2000-1097 MEDIUM

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall soho_firewall 4.0.0
sonicwall soho_firewall 5.0.0
CVE-2000-1098 MEDIUM

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall soho_firewall 4.0.0
sonicwall soho_firewall 5.0.0
CVE-2001-0376 HIGH

SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall tele2 6.0.0
sonicwall soho2 6.0.0
CVE-2001-1104 HIGH

SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall soho_firmware 4.0.0
sonicwall soho_firmware 5.0.0
sonicwall soho_firmware 5.1.5.0
CVE-2002-2181 MEDIUM

SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall content_filtering *
CVE-2002-2341 MEDIUM

Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall soho3 6.3.0.0
CVE-2003-1320 MEDIUM

SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
sonicwall firmware *
CVE-2003-1490 HIGH

SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
sonicwall pro100 6.4.0.1
sonicwall pro200 6.4.0.1
sonicwall pro300 6.4.0.1
CVE-2005-1006 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall soho_firmware 5.1.7.0
CVE-2009-2631 MEDIUM

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-264,

Products Affected

Vendor Product Version
sonicwall ssl_vpn *
aladdin safenet_securewire_access_gateway *
stonesoft stonegate *
cisco adaptive_security_appliance *
sonicwall e-class_ssl_vpn *
CVE-2010-2583 HIGH

Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sonicwall ssl-vpn_end-point_interrogator/installer_activex_control 10.0.5
sonicwall ssl-vpn_end-point_interrogator/installer_activex_control *
CVE-2013-1359 HIGH

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
sonicwall viewpoint 5.0
sonicwall universal_management_appliance 7.0
sonicwall viewpoint 4.1
sonicwall global_management_system 5.0
sonicwall global_management_system 5.1
sonicwall viewpoint 6.0
sonicwall global_management_system 6.0
sonicwall universal_management_appliance 6.0
sonicwall analyzer 7.0
sonicwall universal_management_appliance 5.1
sonicwall global_management_system 7.0
sonicwall global_management_system 4.1
CVE-2013-1360 HIGH

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
sonicwall viewpoint 5.0
sonicwall universal_management_appliance 7.0
sonicwall viewpoint 4.1
sonicwall global_management_system 5.0
sonicwall global_management_system 5.1
sonicwall viewpoint 6.0
sonicwall global_management_system 6.0
sonicwall universal_management_appliance 6.0
sonicwall analyzer 7.0
sonicwall universal_management_appliance 5.1
sonicwall global_management_system 7.0
sonicwall global_management_system 4.1
CVE-2013-7025 LOW

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall global_management_system 7.1
sonicwall uma_e5000_firmware 7.0
sonicwall analyzer 7.1
sonicwall analyzer 7.0
sonicwall uma_e5000_firmware 7.1
sonicwall global_management_system 7.0
CVE-2014-0332 MEDIUM

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall global_management_system 7.1
sonicwall analyzer 7.1
sonicwall analyzer 7.0
sonicwall global_management_system 7.0
CVE-2014-2589 MEDIUM

Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall nsa_2400 -
CVE-2014-2879 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall email_security_appliance *
CVE-2014-4976 MEDIUM

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sonicwall scrutinizer 11.0.1
CVE-2014-4977 MEDIUM

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
sonicwall scrutinizer 11.0.1
CVE-2014-5024 MEDIUM

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall uma_em5000 -
sonicwall global_management_system *
sonicwall analyzer *
CVE-2014-8420 HIGH

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
sonicwall global_management_system 7.2
sonicwall uma_em5000 -
sonicwall analyzer 7.2
CVE-2015-2248 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
sonicwall remote_access_firmware *
CVE-2015-3447 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.5.0.12
CVE-2015-3990 HIGH

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
sonicwall uma_em5000_firmware *
sonicwall global_management_system *
sonicwall analyzer *
CVE-2015-4173 MEDIUM

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,

Products Affected

Vendor Product Version
sonicwall netextender *
CVE-2016-2396 HIGH

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
sonicwall global_management_system 7.2
sonicwall uma_em5000_firmware 8.0
sonicwall analyzer 8.0
sonicwall global_management_system 8.0
sonicwall uma_em5000_firmware 8.1
sonicwall global_management_system 8.1
sonicwall analyzer 7.2
sonicwall analyzer 8.1
sonicwall uma_em5000_firmware 7.2
CVE-2016-2397 HIGH

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
sonicwall global_management_system 7.2
sonicwall uma_em5000_firmware 8.0
sonicwall analyzer 8.0
sonicwall global_management_system 8.0
sonicwall uma_em5000_firmware 8.1
sonicwall global_management_system 8.1
sonicwall analyzer 7.2
sonicwall analyzer 8.1
sonicwall uma_em5000_firmware 7.2
CVE-2018-3639 LOW

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,

Products Affected

Vendor Product Version
intel xeon_e5_2630l_v3 -
intel xeon_e7 8837
intel atom_z z3775d
siemens simatic_ipc847c_firmware *
redhat openstack 10
intel xeon_e3_1281_v3 -
intel xeon_e5_2618l_v2 -
intel xeon_e5 2660_v2
intel xeon_platinum 8176
intel xeon_e5_1620 -
intel xeon_e5_2609_v3 -
intel xeon_e7 8870_v3
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.3
intel xeon_platinum 8176m
intel xeon_e5 2660_v4
intel core_i7 32nm
intel atom_x5-e3930 -
siemens simatic_ipc647c_firmware *
canonical ubuntu_linux 17.10
intel xeon_e5 2658_v4
intel xeon_e5_1428l_v2 -
intel xeon_silver 4112
intel xeon_gold 86150
intel xeon_e3 x3480
intel atom_z z2580
intel xeon_gold 85119t
intel xeon_e5_2650l_v3 -
intel xeon_e5 4624l_v2
intel xeon_e5_1680_v3 -
intel atom_e e3815
intel xeon_e3_1285l_v3 -
intel xeon_e5_1630_v3 -
sonicwall secure_mobile_access -
intel xeon_e5 2690_v3
redhat enterprise_linux_server 6.0
redhat openstack 9
intel xeon_e5_2630 -
intel pentium_silver n5000
intel xeon_e5 4655_v4
intel xeon_e3 1575m_v5
intel xeon_e3_1245 -
intel xeon_e3_1246_v3 -
intel xeon_e3_1285l_v4 -
intel xeon_gold 86146
intel atom_c c3558
intel xeon_e3 1585l_v5
intel xeon_e5_2620_v2 -
intel xeon_e3 e5502
siemens itc1500_pro_firmware *
intel xeon_e3 x3460
intel xeon_e7 8867l
intel xeon_e5_2430_v2 -
intel xeon_e3 e5504
intel xeon_e3_1265l_v3 -
intel xeon_e3_1220_v5 -
intel xeon_e5_2440_v2 -
intel xeon_gold 5115
intel xeon_e5_2603 -
intel xeon_gold 86144
redhat enterprise_linux_eus 6.7
intel xeon_e7 4809_v4
redhat enterprise_linux_eus 7.7
siemens simatic_ipc847d_firmware *
intel xeon_e5_1650 -
redhat enterprise_linux_server_tus 7.2
intel atom_z z2520
intel atom_c c3958
intel xeon_e3 l5530
siemens itc2200_firmware *
mitel mivoice_border_gateway -
intel core_i5 32nm
intel atom_x5-e3940 -
intel atom_c c3955
microsoft windows_10 -
intel xeon_e7 4830
intel xeon_e3_1258l_v4 -
redhat enterprise_linux_server_tus 7.4
intel xeon_e7 4830_v2
siemens simatic_ipc477c_firmware -
intel xeon_e3_1280_v5 -
intel xeon_e7 8890_v4
sonicwall web_application_firewall -
intel xeon_e3_1270 -
redhat openstack 7.0
intel xeon_e3_1240_v2 -
intel xeon_e5 4667_v4
intel xeon_e3_1230_v6 -
intel xeon_e7 8880_v2
intel xeon_e3 x5560
intel xeon_gold 86138t
intel xeon_e5_1428l -
siemens simatic_ipc827c_firmware *
redhat enterprise_linux_server_aus 5.9
intel xeon_e5 4610
arm cortex-a 72
intel xeon_e5_1650_v3 -
intel xeon_silver 4110
intel atom_c c3830
intel xeon_e3 1558l_v5
siemens simatic_field_pg_m4_firmware *
siemens simatic_ipc677c_firmware *
intel xeon_e5_2609_v2 -
intel xeon_e5 4640
intel xeon_e7 8880l_v3
intel atom_e e3825
siemens simatic_ipc477e_pro_firmware *
intel xeon_e5_2650l -
intel xeon_e3_1505l_v6 -
microsoft windows_server_2008 r2
intel pentium n4000
intel xeon_e7 4830_v3
intel xeon_gold 85120t
siemens simatic_field_pg_m5_firmware *
intel atom_c c3538
intel xeon_e3 x3430
intel atom_z z3735d
intel xeon_e5 4627_v2
intel xeon_e5_2418l_v2 -
intel xeon_e5 4620
intel xeon_e5_2408l_v3 -
intel xeon_e3_1231_v3 -
intel xeon_e3_1265l_v4 -
microsoft windows_10 1809
intel xeon_e3_1280 -
intel xeon_e5_2648l -
intel xeon_e3 e6540
microsoft surface_book -
intel xeon_e5 2697a_v4
intel xeon_e3_1270_v2 -
intel xeon_e5 4648_v3
intel xeon_e5_2609 -
intel xeon_e5_2630_v3 -
intel xeon_e5_2648l_v2 -
intel xeon_platinum 8160f
intel xeon_e5 2697_v3
intel xeon_gold 86130t
intel atom_z z3480
sonicwall sonicosv -
intel xeon_e3_1275_v3 -
intel xeon_e5 4669_v4
nvidia jetson_tx2 *
intel xeon_e7 4850_v2
sonicwall global_management_system -
intel xeon_e5 4640_v4
redhat enterprise_linux_server 7.0
intel xeon_e5_2640_v2 -
intel xeon_e7 4830_v4
intel xeon_e7 8880l_v2
intel atom_z z2560
siemens simatic_ipc677d_firmware *
intel core_i7 45nm
intel atom_c c3338
intel xeon_e5_2603_v4 -
intel xeon_e3 1535m_v6
intel xeon_e7 2860
intel xeon_e3_1230_v2 -
microsoft windows_server_2016 1709
intel xeon_e5_2630_v4 -
intel xeon_e7 4850_v4
intel atom_z z2420
microsoft windows_server_2012 -
intel xeon_platinum 8168
intel xeon_e3_1105c_v2 -
intel xeon_e5 2670
intel xeon_e5 2697_v2
intel xeon_e7 2890_v2
intel xeon_e5_2650 -
intel xeon_e3_1225_v2 -
intel xeon_e5_2650_v2 -
siemens sinumerik_pcu_50.5_firmware *
intel xeon_e5 2687w_v3
intel xeon_e5_2448l_v2 -
intel xeon_e7 8891_v2
intel atom_z z3590
debian debian_linux 8.0
siemens ruggedcom_ape_firmware -
intel atom_e e3805
intel xeon_e5 2683_v4
intel xeon_e3 x3440
intel atom_z z3736f
intel xeon_gold 86126
intel atom_z z3735g
intel xeon_gold 85118
intel atom_z z3460
intel xeon_e5 2667
intel xeon_e7 4870_v2
intel xeon_gold 86142f
intel xeon_e5 2699a_v4
microsoft windows_10 1803
intel xeon_e7 4809_v3
intel xeon_e5_2620_v3 -
intel xeon_e3_1125c_v2 -
intel xeon_gold 86142
redhat enterprise_linux_server_aus 7.3
intel xeon_e5_2643 -
intel xeon_e7 2870_v2
intel xeon_e7 2870
intel xeon_e3 3600
intel xeon_e5_2650_v4 -
intel xeon_silver 4114
intel xeon_platinum 8160m
intel xeon_e3_1505m_v5 -
intel xeon_e3 l5518_
siemens simatic_ipc427e_firmware *
intel xeon_e5_1660_v3 -
redhat enterprise_linux_eus 7.6
intel xeon_e3_1275l_v3 -
intel xeon_e5 4617
intel xeon_e3_1240 -
intel xeon_e7 8857_v2
intel xeon_e3_1286_v3 -
intel xeon_e5 2680_v4
intel atom_c c3950
intel xeon_e5_2450l -
intel xeon_e5_2637_v4 -
intel xeon_e5 2687w_v2
siemens sinema_remote_connect_firmware -
intel xeon_e7 2820
redhat enterprise_linux_server_aus 6.4
intel pentium n4200
intel xeon_e5_2630l_v2 -
intel atom_c c2308
intel atom_z z3740d
intel xeon_e3 1535m_v5
mitel mivoice_connect -
intel pentium_silver j5005
intel xeon_e3_1220_v6 -
intel xeon_e5_1660_v4 -
intel xeon_e5_2620_v4 -
redhat mrg_realtime 2.0
intel atom_c c3858
intel xeon_e5 4640_v3
intel xeon_e7 4820_v2
intel xeon_e3_1290 -
intel xeon_e5 2667_v3
intel xeon_e5 4620_v4
intel xeon_e5 4627_v3
intel core_i3 45nm
intel xeon_platinum 8164
intel xeon_e3 e5520
mitel mivoic_mx-one -
intel xeon_e7 4809_v2
intel xeon_e7 2850
intel xeon_e7 4807
intel xeon_e3_1290_v2 -
intel xeon_e5 4650_v4
intel xeon_e5_2430 -
intel xeon_gold 86148
intel xeon_e5_2430l_v2 -
intel xeon_e7 8860_v3
intel xeon_e3_1260l -
redhat enterprise_linux_desktop 6.0
mitel micollab -
intel xeon_e3_1501m_v6 -
intel xeon_e5_2618l_v3 -
intel celeron_j j4105
intel xeon_e3_1285_v4 -
intel xeon_e3 e5540
intel xeon_e5 2660_v3
intel xeon_e5_2628l_v4 -
intel xeon_e3 l3406
intel atom_z z3795
intel xeon_gold 86154
intel atom_z z2480
intel xeon_e3_1275_v6 -
intel xeon_e5 2687w_v4
microsoft windows_10 1709
intel xeon_e5 2650l_v4
intel xeon_e5_1660_v2 -
microsoft windows_7 -
intel celeron_n n3450
microsoft windows_server_2008 sp2
intel xeon_e3_1245_v5 -
intel xeon_e5 2670_v2
intel atom_z z3735e
intel xeon_e5 2680_v2
intel xeon_e5_2623_v4 -
intel xeon_e3_1225_v3 -
intel xeon_e5 4628l_v4
intel atom_x7-e3950 -
intel xeon_e3 x3450
intel xeon_e5_2470_v2 -
intel xeon_e5_2640 -
intel xeon_e5 2690
intel xeon_e5 4603
intel xeon_e5_2448l -
sonicwall email_security -
intel xeon_gold 86152
intel xeon_e5 4650
intel xeon_platinum 8176f
intel xeon_e5_2608l_v4 -
siemens simatic_ipc647d_firmware *
intel xeon_e3 1578l_v5
intel xeon_e3_1265l_v2 -
intel xeon_e7 2850_v2
microsoft windows_10 1703
intel xeon_e5 2695_v3
intel xeon_e5_1680_v4 -
intel xeon_e5_2430l -
intel xeon_e3 1545m_v5
intel atom_z z3580
intel xeon_platinum 8170m
intel xeon_e5_2428l_v3 -
intel xeon_e3_1240l_v5 -
intel atom_z z3785
intel xeon_platinum 8160
intel xeon_gold 86126f
redhat enterprise_linux_server_aus 6.5
intel xeon_e3_1230 -
intel xeon_e5 4610_v3
intel xeon_e5_2438l_v3 -
intel xeon_e3_1271_v3 -
intel xeon_platinum 8158
intel xeon_silver 4116t
siemens simatic_ipc477e_firmware *
intel xeon_e3_1245_v6 -
intel xeon_e3_1285_v3 -
intel xeon_e7 8893_v3
siemens simatic_ipc477d_firmware *
intel core_i3 32nm
intel xeon_e3 e5530
intel xeon_e5 2697_v4
canonical ubuntu_linux 16.04
intel xeon_e5 2680_v3
siemens simatic_itp1000_firmware *
intel xeon_e5 4660_v4
intel xeon_e5_1620_v3 -
intel atom_c c3308
intel xeon_e3_1230_v3 -
intel xeon_e5_2618l_v4 -
redhat enterprise_linux_server_tus 7.3
schneider-electric struxureware_data_center_expert *
intel xeon_e5_2650l_v2 -
intel xeon_e5 2658_v2
intel xeon_gold 86138f
redhat enterprise_linux_workstation 7.0
mitel mivoice_5000 -
intel xeon_e5_2420_v2 -
siemens simotion_p320-4e_firmware *
intel xeon_e5_1650_v4 -
intel xeon_e3_1220_v3 -
intel xeon_e3_1286l_v3 -
intel xeon_e5 2695_v4
intel xeon_e5_2450 -
intel xeon_gold 86130f
intel xeon_e7 4860_v2
intel xeon_e3_1268l_v3 -
intel xeon_e3 l5520
intel atom_c c3758
intel xeon_e5_2628l_v3 -
intel atom_z z3570
intel xeon_e7 8890_v3
canonical ubuntu_linux 14.04
intel xeon_e5 2698_v3
intel xeon_e3_1240_v5 -
intel xeon_e5 4607
microsoft surface_studio -
intel atom_z z3740
intel pentium_j j4205
intel xeon_e3_1285_v6 -
microsoft windows_10 1607
intel atom_c c3508
intel xeon_e3 x5570
siemens itc1500_firmware *
intel xeon_e5_2637 -
intel xeon_e5 4650l
intel xeon_gold 86136
intel pentium n4100
intel xeon_e3_1240_v3 -
intel xeon_e7 2830
intel xeon_e3 w5590
debian debian_linux 9.0
intel atom_c c3850
intel xeon_e3_12201_v2 -
intel xeon_e5 2665
intel xeon_e7 8893_v2
intel xeon_gold 85120
intel xeon_silver 4114t
intel atom_z z3775
intel xeon_e3 1220_
intel xeon_e3_1270_v3 -
intel core_m 45nm
intel atom_z z3745
intel xeon_e5_2630l -
intel xeon_e3_1245_v3 -
intel xeon_e3_1278l_v4 -
intel xeon_e5_2403_v2 -
intel xeon_e3 7500
siemens simatic_ipc547e_firmware *
intel xeon_e7 4820_v4
intel xeon_e5 4650_v2
intel xeon_e5_2648l_v4 -
intel xeon_e7 8870_v4
intel xeon_e3_1241_v3 -
intel atom_z z3530
canonical ubuntu_linux 18.04
siemens simatic_ipc3000_smart_firmware *
intel xeon_e5 2670_v3
microsoft windows_server_2016 -
intel xeon_gold 86134
intel xeon_e5 2690_v4
siemens simatic_ipc347e_firmware *
intel xeon_e5_2608l_v3 -
intel xeon_e7 8891_v4
intel xeon_e7 8850
mitel open_integration_gateway -
intel xeon_e5 4620_v2
microsoft windows_server_2016 1803
intel xeon_e3_1505l_v5 -
redhat enterprise_linux_workstation 6.0
intel xeon_e3 w5580
siemens simatic_et_200_sp_firmware *
intel xeon_gold 85115
intel xeon_e3_1501l_v6 -
intel xeon_e5_2470 -
intel xeon_gold 86140m
intel xeon_e7 4850_v3
intel xeon_e5 4655_v3
intel xeon_e5_2418l_v3 -
redhat enterprise_linux_server_tus 7.7
intel atom_z z3736g
intel xeon_e5_2640_v3 -
intel xeon_e7 8894_v4
canonical ubuntu_linux 12.04
intel xeon_e7 4870
intel xeon_e5_2418l -
intel xeon_gold 85122
intel xeon_e3_1270_v5 -
intel xeon_e3 e5507
intel xeon_e7 8867_v3
siemens sinumerik_tcu_30.3_firmware -
intel xeon_e5_2403 -
intel xeon_gold 86134m
intel celeron_j j3455
intel xeon_platinum 8156
redhat enterprise_linux_server_tus 7.6
intel xeon_e3_1275_v5 -
oracle local_service_management_system *
intel atom_z z3560
intel xeon_e3_1240_v6 -
intel xeon_e5_2428l -
intel xeon_e5_2648l_v3 -
intel xeon_e3 l3403
intel xeon_e5 2699_v4
intel xeon_e5_1620_v4 -
intel xeon_e5_2643_v3 -
intel xeon_platinum 8170
intel xeon_gold 86148f
siemens itc1900_firmware *
intel xeon_e5_2450_v2 -
redhat enterprise_linux_server_aus 7.4
intel xeon_e3 125c_
intel xeon_e5_2628l_v2 -
microsoft windows_server_2012 r2
intel core_i5 45nm
intel xeon_e7 2803
intel xeon_e3_1240l_v3 -
intel xeon_e3_1275_v2 -
mitel mivoice_business -
intel atom_c c3708
intel xeon_e5 4667_v3
intel atom_c c3808
intel xeon_e3 1275_
intel xeon_e5 2690_v2
intel atom_z z3735f
intel xeon_e3_1260l_v5 -
intel xeon_e3_1220_v2 -
intel xeon_e5 2687w
intel xeon_e7 8880_v4
intel xeon_gold 86130
intel xeon_e3 e5506
redhat virtualization_manager 4.3
intel core_m 32nm
intel xeon_e3_1225 -
intel xeon_e3 5600
intel xeon_e3 l3426
mitel micloud_management_portal *
intel xeon_e5 2658_v3
intel xeon_e5 2667_v4
intel xeon_e7 8860
intel xeon_e7 8893_v4
intel xeon_e5 4610_v4
intel xeon_e5_2640_v4 -
nvidia jetson_tx1 *
redhat openstack 8
intel xeon_platinum 8180
intel xeon_e3_1276_v3 -
intel atom_e e3827
intel xeon_e5 2699_v3
intel xeon_e7 8890_v2
redhat virtualization 4.0
intel xeon_e5_2420 -
intel xeon_e7 2880_v2
intel xeon_e3_12201 -
intel xeon_e7 8870_v2
siemens simatic_ipc427d_firmware *
intel xeon_e3 1565l_v5
intel xeon_e7 8860_v4
intel xeon_silver 4109t
intel xeon_e7 8880_v3
siemens simatic_ipc547g_firmware *
intel xeon_e3_1280_v6 -
intel xeon_e3_1280_v3 -
siemens simatic_ipc427c_firmware -
intel atom_e e3826
intel xeon_e5_1660 -
siemens simatic_ipc827d_firmware *
intel atom_z z3745d
redhat enterprise_linux_server_aus 7.2
intel xeon_gold 86138
intel xeon_e7 8867_v4
intel xeon_e3_1230_v5 -
intel xeon_e3_1220l_v3 -
intel xeon_e5 2698_v4
oracle solaris 11
siemens simatic_s7-1500_firmware *
intel xeon_e5 4660_v3
intel xeon_e5_2630l_v4 -
microsoft surface_pro 1796
sonicwall cloud_global_management_system -
intel xeon_e7 4820
intel xeon_e5 4607_v2
intel xeon_e5_2407_v2 -
intel xeon_gold 86132
intel xeon_e5_2450l_v2 -
arm cortex-a 15
intel xeon_e5_2609_v4 -
siemens itc1900_pro_firmware *
intel xeon_e3 e5503
intel xeon_e3_1235l_v5 -
intel xeon_e3 1515m_v5
intel xeon_e5 4603_v2
intel xeon_e5_2407 -
intel xeon_e3_1270_v6 -
redhat enterprise_linux_server_aus 6.6
intel xeon_e7 8850_v2
intel xeon_e5_2643_v2 -
intel xeon_platinum 8153
intel xeon_e3 l5508_
intel xeon_e5_1630_v4 -
intel xeon_e7 4880_v2
intel atom_z z2460
intel xeon_e3 x3470
redhat openstack 12
intel xeon_e5_1650_v2 -
intel xeon_e7 8830
intel xeon_e5 2680
intel xeon_e5_1620_v2 -
intel xeon_gold 86128
redhat enterprise_linux_eus 7.5
redhat virtualization_manager 4.2
intel xeon_e5_2643_v4 -
intel xeon_e7 4860
siemens sinumerik_840_d_sl_firmware -
intel xeon_e5 2658
intel xeon_e5_2637_v2 -
siemens itc2200_pro_firmware *
intel xeon_e5 4640_v2
intel atom_e e3845
intel xeon_e5 2667_v2
intel xeon_gold 86142m
intel xeon_e5_2603_v3 -
intel xeon_e3 1585_v5
intel xeon_e5 4627_v4
microsoft surface_pro 3
intel xeon_e-1105c -
intel xeon_e5 2695_v2
intel xeon_e5 2658a_v3
microsoft surface_pro_with_lte_advanced 1807
intel xeon_e3_1225_v5 -
intel xeon_gold 86126t
intel xeon_e5 2660
intel xeon_e5 2699r_v4
intel atom_c c3750
redhat enterprise_linux_server_tus 6.6
intel xeon_e5 2683_v3
intel xeon_e7 4850
intel xeon_e3_1226_v3 -
intel xeon_e5_2637_v3 -
intel xeon_e3 e6510
intel xeon_e7 4820_v3
intel xeon_e3 e6550
intel xeon_e3_1245_v2 -
intel atom_z z3770d
intel xeon_e5_2620 -
microsoft surface_book 2
siemens simatic_ipc627c_firmware *
intel xeon_e3_1268l_v5 -
intel xeon_e5_2630_v2 -
siemens simatic_ipc627d_firmware *
intel xeon_e3_1280_v2 -
intel xeon_e5_2440 -
intel atom_z z3770
intel xeon_e5 4610_v2
intel xeon_e3_1225_v6 -
intel xeon_e5_2650_v3 -
intel xeon_e3 1505m_v6
intel xeon_e5_2623_v3 -
intel xeon_e5_1428l_v3 -
intel xeon_gold 86140
redhat openstack 13
intel xeon_e5_2603_v2 -
intel xeon_e7 8870
intel xeon_e3 x5550
intel xeon_e5 4657l_v2
intel celeron_j j4005
intel xeon_e5 4650_v3
intel xeon_e5 4620_v3
microsoft surface -
intel xeon_e5 4669_v3
arm cortex-a 57
redhat enterprise_linux_eus 7.4
intel xeon_e5_2428l_v2 -
intel xeon_e7 4890_v2
intel xeon_silver 4116
intel xeon_e7 8891_v3
intel xeon_silver 4108
microsoft windows_8.1 -
intel xeon_e3_1230l_v3 -
intel xeon_platinum 8160t
intel xeon_e3 l5506
redhat enterprise_linux_desktop 7.0
intel xeon_e3_1235 -
intel atom_z z2760
microsoft surface_pro 4
CVE-2018-5280 LOW

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
sonicwall sonicos 6.2.9.0
sonicwall sonicos 6.5.0.0
sonicwall sonicos 6.5.1.0
sonicwall sonicos 6.5.2.0
CVE-2018-5281 LOW

SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2018-5691 LOW

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sonicwall global_management_system *
sonicwall analyzer *
CVE-2018-9866 HIGH

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-20,

Products Affected

Vendor Product Version
sonicwall global_management_system *
CVE-2018-9867 LOW

In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-285,CWE-732,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 6.0.5.3-86o
sonicwall sonicos 6.4.0.0
sonicwall sonicos 6.2.7.8
sonicwall sonicosv 6.5.0.2.8v_rc366
sonicwall sonicosv 6.5.0.2-8v_rc363
sonicwall sonicos 6.5.3.1
sonicwall sonicos 6.5.1.8
sonicwall sonicos 6.5.1.3
sonicwall sonicos 6.5.2.2
sonicwall sonicosv 6.5.0.2.8v_rc367
sonicwall sonicosv 6.5.0.2.8v_rc368
sonicwall sonicos 6.2.7.3
CVE-2019-12255 HIGH

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
windriver vxworks *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
belden hirschmann_hios *
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.0
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
CVE-2019-12256 HIGH

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
windriver vxworks *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
belden hirschmann_hios *
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.0
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
CVE-2019-12257 MEDIUM

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
windriver vxworks *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
belden hirschmann_hios *
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.0
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
CVE-2019-12258 MEDIUM

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
sonicwall sonicos *
windriver vxworks *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
belden hirschmann_hios *
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.0
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
windriver vxworks 7.0
CVE-2019-12259 MEDIUM

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
sonicwall sonicos *
siemens 9410_power_meter_firmware *
windriver vxworks *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
siemens 9810_power_meter_firmware *
belden hirschmann_hios *
sonicwall sonicos 6.2.7.0
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
windriver vxworks 7.0
CVE-2019-12260 HIGH

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
windriver vxworks *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
belden hirschmann_hios *
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.0
oracle communications_eagle *
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
windriver vxworks 7.0
CVE-2019-12261 HIGH

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
windriver vxworks *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
belden hirschmann_hios *
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.0
oracle communications_eagle *
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
windriver vxworks 7.0
CVE-2019-12263 MEDIUM

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-787,

Products Affected

Vendor Product Version
sonicwall sonicos *
windriver vxworks *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
belden hirschmann_hios *
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.0
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
windriver vxworks 7.0
CVE-2019-12265 MEDIUM

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
sonicwall sonicos *
windriver vxworks *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7025_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7018_firmware *
siemens siprotec_5_firmware *
siemens ruggedcom_win7200_firmware *
belden hirschmann_hios *
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.0
sonicwall sonicos 6.2.7.1
sonicwall sonicos 6.2.7.7
siemens ruggedcom_win7000_firmware *
windriver vxworks 7.0
CVE-2019-7474 MEDIUM

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-248,CWE-755,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 6.0.5.3-86o
sonicwall sonicos 6.4.0.0
sonicwall sonicos 6.2.7.8
sonicwall sonicosv 6.5.0.2.8v_rc366
sonicwall sonicosv 6.5.0.2-8v_rc363
sonicwall sonicos 6.5.3.1
sonicwall sonicos 6.5.1.8
sonicwall sonicos 6.5.1.3
sonicwall sonicos 6.5.2.2
sonicwall sonicosv 6.5.0.2.8v_rc367
sonicwall sonicosv 6.5.0.2.8v_rc368
sonicwall sonicos 6.2.7.3
CVE-2019-7475 HIGH

A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 6.0.5.3-86o
sonicwall sonicos 6.4.0.0
sonicwall sonicos 6.2.7.8
sonicwall sonicosv 6.5.0.2.8v_rc366
sonicwall sonicosv 6.5.0.2-8v_rc363
sonicwall sonicos 6.5.3.1
sonicwall sonicos 6.5.1.8
sonicwall sonicos 6.5.1.3
sonicwall sonicos 6.5.2.2
sonicwall sonicosv 6.5.0.2.8v_rc367
sonicwall sonicosv 6.5.0.2.8v_rc368
sonicwall sonicos 6.2.7.3
CVE-2019-7476 MEDIUM

A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-1188,

Products Affected

Vendor Product Version
sonicwall global_management_system 9.1
sonicwall global_management_system 9.0
sonicwall global_management_system 8.7
sonicwall global_management_system *
sonicwall global_management_system 8.6
sonicwall global_management_system 8.4
CVE-2019-7477 MEDIUM

A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 6.0.5.3-86o
sonicwall sonicos 6.4.0.0
sonicwall sonicos 6.2.7.8
sonicwall sonicosv 6.5.0.2.8v_rc366
sonicwall sonicosv 6.5.0.2-8v_rc363
sonicwall sonicos 6.5.3.1
sonicwall sonicos 6.5.1.8
sonicwall sonicos 6.5.1.3
sonicwall sonicos 6.5.2.2
sonicwall sonicosv 6.5.0.2.8v_rc367
sonicwall sonicosv 6.5.0.2.8v_rc368
sonicwall sonicos 6.2.7.3
CVE-2019-7478 HIGH

A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
sonicwall global_management_system 9.1
sonicwall global_management_system 9.0
sonicwall global_management_system 8.7
sonicwall global_management_system 8.5
sonicwall global_management_system 8.6
sonicwall global_management_system 8.4
CVE-2019-7479 MEDIUM

A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-269,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 6.2.7.4-32n
sonicwall sonicos 6.5.3.3-3n
sonicwall sonicos 6.5.1.4-4n
sonicwall sonicosv 6.5.0.2.8v
sonicwall sonicos 6.2.7.10-3n
sonicwall sonicos 6.5.2.3-4n
sonicwall sonicos 6.5.1.9-4n
sonicwall sonicos 6.4.1.0-3n
CVE-2019-7481 MEDIUM

Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
CVE-2019-7482 HIGH

Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
CVE-2019-7483 MEDIUM

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
CVE-2019-7484 MEDIUM

Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
CVE-2019-7485 MEDIUM

Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
CVE-2019-7486 MEDIUM

Code injection in SonicWall SMA100 allows an authenticated user to execute arbitrary code in viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.4 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
CVE-2019-7487 MEDIUM

Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos_sslvpn_nacagent 3.5
CVE-2019-7488 HIGH

Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,CWE-521,

Products Affected

Vendor Product Version
sonicwall email_security_appliance *
CVE-2019-7489 HIGH

A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-285,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sonicwall email_security_appliance *
CVE-2020-5129 MEDIUM

A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-248,CWE-444,

Products Affected

Vendor Product Version
sonicwall sma1000_firmware *
CVE-2020-5130 MEDIUM

SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2020-5131 MEDIUM

SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
sonicwall netextender *
CVE-2020-5132 MEDIUM

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sonicwall sonicos 6.5.4.6-79n
sonicwall sma100_firmware 10.2.0.2-20sv
sonicwall sma100_firmware 12.4.0-2223
CVE-2020-5133 MEDIUM

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5134 MEDIUM

A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5135 HIGH

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5136 MEDIUM

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5137 MEDIUM

A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5138 MEDIUM

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5139 MEDIUM

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-763,CWE-763,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5140 MEDIUM

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5141 MEDIUM

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-799,CWE-307,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5142 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5143 MEDIUM

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-203,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.0.0.0
sonicwall sonicosv *
CVE-2020-5144 MEDIUM

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
sonicwall global_vpn_client *
CVE-2020-5145 MEDIUM

SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
sonicwall global_vpn_client *
CVE-2020-5146 HIGH

A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
CVE-2020-5147 MEDIUM

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
sonicwall netextender *
CVE-2020-5148 MEDIUM

SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
sonicwall directory_services_connector *
CVE-2021-20016 HIGH

A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
sonicwall sma_200_firmware -
sonicwall sma_210_firmware -
sonicwall sma_500v -
sonicwall sma_400_firmware -
sonicwall sma_410_firmware -
CVE-2021-20017 HIGH

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sonicwall sma100_firmware *
CVE-2021-20018 MEDIUM

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-287,

Products Affected

Vendor Product Version
sonicwall sma100_firmware *
CVE-2021-20019 MEDIUM

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-119,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 6.5.1.12-3n
sonicwall sonicos 6.5.4.7-83n
sonicwall sonicosv 6.5.4.4-44v-21-955
sonicwall sonicos 6.0.5.3-94o
CVE-2021-20020 HIGH

A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
sonicwall global_management_system 9.3
CVE-2021-20021 HIGH

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
sonicwall email_security_appliance_7050_firmware *
sonicwall email_security_appliance_5000_firmware *
sonicwall email_security *
sonicwall email_security_appliance_4300_firmware *
sonicwall email_security_virtual_appliance *
sonicwall email_security_appliance_9000_firmware *
sonicwall email_security_appliance_8300_firmware *
sonicwall hosted_email_security *
sonicwall email_security_appliance_7000_firmware *
sonicwall email_security_appliance_5050_firmware *
sonicwall email_security_appliance_3300_firmware *
CVE-2021-20022 HIGH

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,CWE-434,

Products Affected

Vendor Product Version
sonicwall email_security_appliance_7050_firmware *
sonicwall email_security_appliance_5000_firmware *
sonicwall email_security *
sonicwall email_security_appliance_4300_firmware *
sonicwall email_security_virtual_appliance *
sonicwall email_security_appliance_9000_firmware *
sonicwall email_security_appliance_8300_firmware *
sonicwall hosted_email_security *
sonicwall email_security_appliance_7000_firmware *
sonicwall email_security_appliance_5050_firmware *
sonicwall email_security_appliance_3300_firmware *
CVE-2021-20023 MEDIUM

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
sonicwall email_security_appliance_7050_firmware *
sonicwall email_security_appliance_5000_firmware *
sonicwall email_security *
sonicwall email_security_appliance_4300_firmware *
sonicwall email_security_virtual_appliance *
sonicwall email_security_appliance_9000_firmware *
sonicwall email_security_appliance_8300_firmware *
sonicwall hosted_email_security *
sonicwall email_security_appliance_7000_firmware *
sonicwall email_security_appliance_5050_firmware *
sonicwall email_security_appliance_3300_firmware *
CVE-2021-20024 MEDIUM

Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
sonicwall switch *
CVE-2021-20025 MEDIUM

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
sonicwall email_security_virtual_appliance *
CVE-2021-20026 HIGH

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sonicwall network_security_manager *
sonicwall network_security_manager 2.2.0
CVE-2021-20027 MEDIUM

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2021-20028 HIGH

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
sonicwall sma_500v_firmware *
sonicwall sra_4600_firmware *
sonicwall sma_410_firmware *
sonicwall sra_1600_firmware *
sonicwall sra_va_firmware *
sonicwall sma_210_firmware *
CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sonicwall global_management_system *
CVE-2021-20031 MEDIUM

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2021-20032 HIGH

SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sonicwall analytics *
CVE-2021-20034 MEDIUM

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-22,

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_410_firmware *
sonicwall sma_500v *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2021-20035 MEDIUM

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_410_firmware *
sonicwall sma_500v *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2021-20037 HIGH

SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
sonicwall global_vpn_client *
CVE-2021-20038 HIGH

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.1.2-24sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.1.2-24sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.1.2-24sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_210_firmware 10.2.1.2-24sv
sonicwall sma_200_firmware 10.2.1.2-24sv
CVE-2021-20039 HIGH

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_410_firmware 9.0.0.11-31sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_200_firmware 9.0.0.11-31sv
sonicwall sma_400_firmware 9.0.0.11-31sv
sonicwall sma_210_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 9.0.0.11-31sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 9.0.0.11-31sv
CVE-2021-20040 MEDIUM

A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 10.2.1.1-19sv
CVE-2021-20041 HIGH

An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requests sent to SMA100 /fileshare/sonicfiles/sonicfiles resulting in a loop with unreachable exit condition. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,CWE-835,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_410_firmware 9.0.0.11-31sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_200_firmware 9.0.0.11-31sv
sonicwall sma_400_firmware 9.0.0.11-31sv
sonicwall sma_210_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 9.0.0.11-31sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 9.0.0.11-31sv
CVE-2021-20042 HIGH

An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-441,NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_410_firmware 9.0.0.11-31sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_200_firmware 9.0.0.11-31sv
sonicwall sma_400_firmware 9.0.0.11-31sv
sonicwall sma_210_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 9.0.0.11-31sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 9.0.0.11-31sv
CVE-2021-20043 MEDIUM

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 10.2.1.1-19sv
CVE-2021-20044 HIGH

A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 10.2.1.1-19sv
CVE-2021-20045 HIGH

A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.1.1-19sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.1.1-19sv
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware 10.2.1.1-19sv
sonicwall sma_210_firmware 10.2.1.1-19sv
CVE-2021-20046 MEDIUM

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2021-20047 MEDIUM

SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
sonicwall global_vpn_client *
CVE-2021-20048 MEDIUM

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2021-20049 MEDIUM

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-204,CWE-203,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_100_firmware *
sonicwall sma_410_firmware 10.2.1.2-24sv
sonicwall sma_100_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.1.2-24sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_100_firmware 10.2.1.2-24sv
sonicwall sma_400_firmware 10.2.1.2-24sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_210_firmware 10.2.1.2-24sv
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
sonicwall sma_200_firmware 10.2.1.2-24sv
CVE-2021-20050 MEDIUM

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall sma_210_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.0.8-37sv
sonicwall sma_100_firmware *
sonicwall sma_410_firmware 10.2.1.2-24sv
sonicwall sma_100_firmware 10.2.0.8-37sv
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_400_firmware 10.2.0.8-37sv
sonicwall sma_500v_firmware 10.2.1.2-24sv
sonicwall sma_200_firmware 10.2.0.8-37sv
sonicwall sma_100_firmware 10.2.1.2-24sv
sonicwall sma_400_firmware 10.2.1.2-24sv
sonicwall sma_410_firmware 10.2.0.8-37sv
sonicwall sma_210_firmware 10.2.1.2-24sv
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
sonicwall sma_200_firmware 10.2.1.2-24sv
CVE-2021-20051 MEDIUM

SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
sonicwall global_vpn_client *
CVE-2021-33909 HIGH

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
oracle communications_session_border_controller 8.3
sonicwall sma1000_firmware *
debian debian_linux 9.0
linux linux_kernel *
oracle communications_session_border_controller 8.4
debian debian_linux 10.0
netapp solidfire -
fedoraproject fedora 34
oracle communications_session_border_controller 9.0
netapp hci_management_node -
oracle communications_session_border_controller 8.2
CVE-2021-3449 MEDIUM

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens simatic_rf166c_firmware *
siemens simatic_logon 1.5
netapp oncommand_insight -
tenable nessus_network_monitor 5.12.1
siemens simatic_net_cp_1543-1_firmware *
netapp oncommand_workflow_automation -
siemens simatic_rf186c_firmware *
siemens sinec_nms 1.0
oracle primavera_unifier *
siemens simatic_net_cp_1542sp-1_irc_firmware *
oracle mysql_workbench *
siemens simatic_net_cp1243-7_lte_eu_firmware *
siemens simatic_wincc_runtime_advanced *
oracle graalvm 19.3.5
siemens scalance_m-800_firmware *
siemens simatic_mv500_firmware *
siemens simatic_rf185c_firmware *
siemens simatic_hmi_basic_panels_2nd_generation_firmware *
siemens sinumerik_opc_ua_server *
mcafee web_gateway 9.2.10
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_rf186ci_firmware *
siemens simatic_logon *
siemens tia_administrator *
oracle peoplesoft_enterprise_peopletools 8.57
siemens simatic_s7-1200_cpu_1215c_firmware *
tenable nessus_network_monitor 5.11.1
oracle graalvm 21.0.0.2
oracle mysql_connectors *
netapp active_iq_unified_manager -
siemens simatic_cp_1242-7_gprs_v2_firmware -
siemens simatic_wincc_telecontrol -
siemens simatic_s7-1200_cpu_1212c_firmware *
oracle jd_edwards_world_security a9.4
nodejs node.js *
siemens scalance_xb-200_firmware *
netapp santricity_smi-s_provider -
siemens sinema_server 14.0
oracle peoplesoft_enterprise_peopletools 8.59
debian debian_linux 9.0
siemens simatic_pcs_7_telecontrol_firmware *
oracle primavera_unifier 20.12
oracle primavera_unifier 19.12
siemens simatic_s7-1200_cpu_1211c_firmware *
mcafee web_gateway_cloud_service 8.2.19
tenable nessus_network_monitor 5.12.0
tenable nessus_network_monitor 5.13.0
siemens simatic_net_cp_1545-1_firmware *
oracle primavera_unifier 21.12
siemens scalance_xr528-6m_firmware *
oracle essbase 21.2
siemens scalance_xm-400_firmware *
checkpoint quantum_security_gateway_firmware r81
checkpoint quantum_security_gateway_firmware r80.40
oracle zfs_storage_appliance_kit 8.8
oracle communications_communications_policy_management 12.6.0.0.0
siemens simatic_cloud_connect_7_firmware -
siemens scalance_xf-200ba_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_pdm_firmware *
siemens scalance_xp-200_firmware *
checkpoint quantum_security_management_firmware r80.40
siemens simatic_rf360r_firmware *
siemens ruggedcom_rcm1224_firmware *
siemens scalance_s602_firmware *
siemens scalance_lpe9403_firmware *
mcafee web_gateway 8.2.19
siemens simatic_rf188c_firmware *
oracle peoplesoft_enterprise_peopletools 8.58
siemens sinec_infrastructure_network_services *
siemens simatic_process_historian_opc_ua_server_firmware *
siemens simatic_net_cp1243-7_lte_us_firmware *
netapp ontap_select_deploy_administration_utility -
siemens simatic_s7-1200_cpu_1214c_firmware *
sonicwall sma100_firmware *
siemens simatic_cloud_connect_7_firmware *
siemens scalance_xc-200_firmware *
siemens sinec_pni -
oracle secure_global_desktop 5.6
siemens simatic_net_cp_1543sp-1_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens scalance_s627-2m_firmware *
siemens scalance_w700_firmware *
oracle secure_backup *
mcafee web_gateway 10.1.1
siemens simatic_s7-1200_cpu_1215_fc_firmware *
tenable tenable.sc *
siemens scalance_sc-600_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
netapp storagegrid -
tenable nessus_network_monitor 5.11.0
siemens sinamics_connect_300_firmware *
sonicwall capture_client 3.5
siemens scalance_w1700_firmware *
netapp e-series_performance_analyzer -
oracle mysql_server *
sonicwall sonicos 7.0.1.0
freebsd freebsd 12.2
siemens simatic_pcs_neo_firmware *
tenable nessus *
siemens scalance_xr524-8c_firmware *
siemens simatic_hmi_ktp_mobile_panels_firmware *
siemens scalance_s612_firmware *
siemens scalance_xr-300wg_firmware *
openssl openssl *
debian debian_linux 10.0
siemens scalance_s615_firmware *
siemens simatic_rf188ci_firmware *
tenable log_correlation_engine *
oracle jd_edwards_enterpriseone_tools *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
netapp cloud_volumes_ontap_mediator -
oracle enterprise_manager_for_storage_management 13.4.0.0
siemens simatic_net_cp_1243-8_irc_firmware *
siemens scalance_s623_firmware *
checkpoint multi-domain_management_firmware r81
siemens simatic_cp_1242-7_gprs_v2_firmware *
checkpoint multi-domain_management_firmware r80.40
mcafee web_gateway_cloud_service 9.2.10
fedoraproject fedora 34
netapp snapcenter -
siemens simatic_net_cp_1243-1_firmware *
siemens scalance_xr526-8c_firmware *
siemens tim_1531_irc_firmware *
siemens scalance_xr552-12_firmware *
checkpoint quantum_security_management_firmware r81
mcafee web_gateway_cloud_service 10.1.1
oracle graalvm 20.3.1.2
CVE-2021-3450 MEDIUM

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools *
oracle jd_edwards_world_security a9.4
tenable nessus_network_monitor 5.12.1
nodejs node.js *
oracle weblogic_server 12.2.1.4.0
mcafee web_gateway 8.2.19
netapp oncommand_workflow_automation -
oracle mysql_server *
freebsd freebsd 12.2
windriver linux -
windriver linux 19.0
oracle weblogic_server 14.1.1.0.0
tenable nessus *
sonicwall email_security *
netapp santricity_smi-s_provider_firmware -
tenable nessus_agent *
oracle mysql_workbench *
netapp ontap_select_deploy_administration_utility -
openssl openssl *
sonicwall sma100_firmware *
oracle mysql_enterprise_monitor *
oracle jd_edwards_enterpriseone_tools *
oracle graalvm 19.3.5
netapp cloud_volumes_ontap_mediator -
oracle commerce_guided_search 11.3.2
sonicwall sonicos *
oracle enterprise_manager_for_storage_management 13.4.0.0
mcafee web_gateway_cloud_service 8.2.19
tenable nessus_network_monitor 5.12.0
oracle secure_global_desktop 5.6
tenable nessus_network_monitor 5.13.0
mcafee web_gateway_cloud_service 9.2.10
fedoraproject fedora 34
windriver linux 17.0
windriver linux 18.0
mcafee web_gateway 9.2.10
oracle secure_backup *
mcafee web_gateway 10.1.1
netapp storagegrid_firmware -
netapp storagegrid -
tenable nessus_network_monitor 5.11.0
sonicwall capture_client *
tenable nessus_network_monitor 5.11.1
oracle graalvm 21.0.0.2
mcafee web_gateway_cloud_service 10.1.1
oracle graalvm 20.3.1.2
oracle mysql_connectors *
CVE-2021-44228 HIGH

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-400,CWE-502,CWE-917,

Products Affected

Vendor Product Version
cisco crosswork_optimization_engine *
cisco fxos 6.4.0
cisco webex_meetings_server *
siemens capital 2019.1
cisco unified_customer_voice_portal 12.0
cisco ucs_central_software 2.0(1f)
siemens 6bk1602-0aa52-0tp0_firmware *
siemens navigator *
siemens e-car_operation_center *
cisco fxos 6.5.0
cisco firepower_threat_defense 6.7.0
siemens desigo_cc_advanced_reports 5.1
cisco unified_communications_manager 11.5(1.17900.52)
cisco common_services_platform_collector 002.009(001.002)
cisco paging_server 8.3(1)
siemens teamcenter *
cisco connected_analytics_for_network_deployment 006.005.000.000
cisco dna_spaces_connector -
cisco identity_services_engine 003.002(000.116)
cisco crosswork_network_automation 4.1.1
siemens energyip 8.5
apache log4j *
siemens energyip 8.7
cisco unified_intelligence_center 12.6(1)
cisco crosswork_platform_infrastructure 4.1.0
cisco video_surveillance_manager 7.14(4.018)
cisco unified_communications_manager_im_and_presence_service 11.5(1)
cisco video_surveillance_manager 7.14(2.26)
siemens desigo_cc_advanced_reports 4.2
cisco video_surveillance_operations_manager *
siemens sentron_powermanager 4.1
cisco contact_center_domain_manager *
cisco crosswork_network_automation -
cisco evolved_programmable_network_manager 4.1
siemens capital *
cisco unified_customer_voice_portal 12.6(1)
cisco ucs_central_software 2.0(1d)
cisco unified_intelligence_center 12.6(2)
cisco cloudcenter_suite 5.3.0
siemens siveillance_identity 1.6
cisco paging_server 12.5(2)
cisco crosswork_network_controller *
cisco sd-wan_vmanage 20.7
cisco identity_services_engine 2.4.0
cisco smart_phy 21.3
cisco cloudcenter_suite 5.4.1
cisco unified_communications_manager_im_&_presence_service 11.5(1)
cisco unified_communications_manager *
cisco unified_contact_center_enterprise 12.5(1)
cisco network_assurance_engine 6.0(2.1912)
cisco network_assurance_engine *
cisco network_dashboard_fabric_controller 11.4(1)
siemens energyip 8.6
cisco wan_automation_engine 7.3
cisco cloudcenter_workload_manager *
cisco common_services_platform_collector 002.009(001.000)
cisco connected_analytics_for_network_deployment 7.3
cisco unified_contact_center_enterprise 11.6(2)
cisco network_dashboard_fabric_controller 11.5(1)
debian debian_linux 9.0
siemens spectrum_power_4 *
cisco packaged_contact_center_enterprise 11.6(1)
cisco crosswork_platform_infrastructure *
cisco cyber_vision_sensor_management_extension 4.0.2
cisco network_dashboard_fabric_controller 11.2(1)
cisco paging_server 8.5(1)
cisco smart_phy *
netapp brocade_san_navigator -
cisco crosswork_network_automation 3.0.0
siemens siveillance_command *
siemens vesys 2019.1
cisco unified_contact_center_express 12.6(1)
intel datacenter_manager *
cisco nexus_insights *
cisco unified_communications_manager 11.5(1.18900.97)
cisco firepower_threat_defense 6.5.0
cisco unified_sip_proxy 010.002(001)
cisco data_center_network_manager 11.3(1)
cisco ucs_central_software 2.0(1g)
percussion rhythmyx *
siemens logo!_soft_comfort *
siemens energyip_prepay *
cisco dna_spaces -
cisco ucs_central_software 2.0(1b)
siemens vesys 2021.1
cisco cloudcenter_cost_optimizer *
cisco paging_server 9.1(1)
cisco unified_contact_center_enterprise *
netapp solidfire_enterprise_sds -
intel system_debugger -
cisco network_services_orchestrator *
cisco finesse *
cisco unity_connection *
cisco identity_services_engine 003.000(000.458)
cisco mobility_services_engine -
netapp cloud_insights -
cisco intersight_virtual_appliance *
cisco connected_mobile_experiences -
cisco cloudcenter_suite 5.3(0)
cisco evolved_programmable_network_manager 5.1
bentley synchro_4d *
cisco network_dashboard_fabric_controller 11.1(1)
cisco unified_contact_center_express 12.6(2)
siemens vesys 2020.1
cisco ucs_central_software 2.0(1a)
apple xcode *
siemens sipass_integrated 2.80
cisco video_surveillance_manager 7.14(3.025)
siemens sipass_integrated 2.85
cisco nexus_dashboard *
cisco connected_analytics_for_network_deployment 007.000.001
siemens desigo_cc_advanced_reports 5.0
siemens desigo_cc_advanced_reports 3.0
cisco identity_services_engine *
cisco paging_server 14.0(1)
cisco cyber_vision 4.0.2
siemens gma-manager *
cisco fxos 6.2.3
siemens desigo_cc_advanced_reports 4.0
cisco data_center_network_manager *
cisco firepower_threat_defense 6.2.3
cisco smart_phy 3.1.3
cisco common_services_platform_collector 002.009(000.001)
cisco virtualized_voice_browser *
cisco connected_analytics_for_network_deployment 007.001.000
cisco paging_server 9.0(1)
siemens sentron_powermanager 4.2
cisco unified_communications_manager_im_and_presence_service *
intel genomics_kernel_library -
siemens industrial_edge_management_hub *
netapp cloud_manager -
intel system_studio -
cisco cloudcenter_suite 4.10.0.15
cisco wan_automation_engine 7.1.3
cisco common_services_platform_collector 002.009(000.000)
siemens siguard_dsa 4.4
cisco virtual_topology_system *
cisco network_services_orchestrator -
cisco ucs_central_software 2.0(1c)
cisco fxos 7.1.0
debian debian_linux 10.0
cisco unified_contact_center_enterprise 12.6(2)
cisco cloudcenter_suite 5.4(1)
cisco identity_services_engine 002.004(000.914)
cisco optical_network_controller 1.1
cisco enterprise_chat_and_email 12.5(1)
cisco fog_director -
siemens siveillance_vantage *
siemens head-end_system_universal_device_integration_system *
bentley synchro *
cisco unified_communications_manager_im_&_presence_service 11.5(1.22900.6)
cisco network_dashboard_fabric_controller 11.5(2)
cisco connected_analytics_for_network_deployment 008.000.000.000.004
netapp snapcenter -
cisco unified_contact_center_enterprise 12.0(1)
intel computer_vision_annotation_tool -
cisco integrated_management_controller_supervisor 2.3.2.0
cisco broadworks *
cisco sd-wan_vmanage 20.3
cisco packaged_contact_center_enterprise *
cisco smart_phy 3.2.1
cisco dna_center 2.2.2.8
cisco unified_communications_manager 11.5(1.18119.2)
siemens xpedition_package_integrator -
cisco customer_experience_cloud_agent *
cisco broadworks -
netapp oncommand_insight -
cisco cloudcenter *
cisco cloud_connect *
cisco integrated_management_controller_supervisor 002.003(002.000)
cisco iot_operations_dashboard -
cisco optical_network_controller *
siemens opcenter_intelligence *
intel oneapi_sample_browser -
siemens siguard_dsa 4.2
siemens solid_edge_harness_design *
cisco automated_subsea_tuning *
cisco unified_contact_center_express *
intel audio_development_kit -
cisco unity_connection 11.5
siemens spectrum_power_7 2.30
siemens 6bk1602-0aa32-0tp0_firmware *
cisco connected_analytics_for_network_deployment 007.003.001.001
cisco cyber_vision_sensor_management_extension *
cisco ucs_central_software 2.0(1e)
cisco connected_analytics_for_network_deployment 006.005.000.
cisco common_services_platform_collector 002.009(000.002)
cisco workload_optimization_manager *
cisco crosswork_data_gateway *
siemens energy_engage 3.1
cisco smart_phy 3.1.5
cisco cloudcenter_suite 5.5.1
cisco network_dashboard_fabric_controller 11.0(1)
cisco sd-wan_vmanage 20.4
cisco wan_automation_engine *
debian debian_linux 11.0
cisco sd-wan_vmanage 20.6
siemens desigo_cc_info_center 5.1
cisco crosswork_zero_touch_provisioning *
cisco fxos 6.3.0
cisco firepower_threat_defense 7.0.0
cisco evolved_programmable_network_manager 4.0
cisco paging_server 9.0(2)
cisco virtual_topology_system 2.6.6
cisco cloudcenter_suite 5.5(1)
cisco ucs_central_software 2.0
cisco evolved_programmable_network_manager 5.0
netapp active_iq_unified_manager -
cisco integrated_management_controller_supervisor *
cisco virtualized_infrastructure_manager *
cisco webex_meetings_server 4.0
apache log4j 2.0
siemens captial 2019.1
cisco fxos 6.6.0
cisco wan_automation_engine 7.6
siemens siguard_dsa *
cisco network_insights_for_data_center 6.0(2.1914)
cisco cloudcenter_suite 4.10(0.15)
snowsoftware snow_commander *
cisco paging_server 8.4(1)
cisco crosswork_optimization_engine 3.0.0
cisco evolved_programmable_network_manager 3.0
cisco unified_contact_center_enterprise 12.6(1)
cisco intersight_virtual_appliance 1.0.9-343
cisco smart_phy 3.1.4
siemens 6bk1602-0aa22-0tp0_firmware *
cisco unified_customer_voice_portal 12.5(1)
cisco wan_automation_engine 7.5
cisco firepower_threat_defense 7.1.0
cisco unified_intelligence_center *
cisco dna_center *
cisco common_services_platform_collector 002.009(001.001)
cisco emergency_responder 11.5(4.66000.14)
fedoraproject fedora 35
cisco finesse 12.5(1)
snowsoftware vm_access_proxy *
cisco unified_contact_center_management_portal 12.6(1)
cisco unity_connection 11.5(1.10000.6)
cisco common_services_platform_collector 002.010(000.000)
cisco unified_workforce_optimization 11.5(1)
cisco common_services_platform_collector *
netapp cloud_secure_agent -
siemens siveillance_control_pro *
cisco fxos 6.7.0
cisco enterprise_chat_and_email 12.0(1)
cisco paging_server *
cisco unified_sip_proxy 010.002(000)
cisco identity_services_engine 002.006(000.156)
cisco unified_computing_system 006.008(001.000)
cisco identity_services_engine 002.007(000.356)
intel secure_device_onboard -
cisco cx_cloud_agent 001.012
cisco unified_communications_manager 11.5(1.21900.40)
cisco firepower_threat_defense 6.4.0
cisco advanced_malware_protection_virtual_private_cloud_appliance *
cisco emergency_responder 11.5
cisco identity_services_engine 003.001(000.518)
cisco wan_automation_engine 7.2.2
cisco wan_automation_engine 7.2.1
cisco enterprise_chat_and_email 12.6(1)
cisco contact_center_management_portal *
cisco unified_communications_manager 11.5(1)
cisco unified_sip_proxy *
cisco unified_communications_manager 11.5(1.22900.28)
cisco wan_automation_engine 7.4
siemens mendix *
siemens siguard_dsa 4.3
siemens siveillance_viewpoint *
cisco connected_analytics_for_network_deployment 007.003.000
cisco emergency_responder 11.5(4.65000.14)
cisco sd-wan_vmanage 20.8
cisco unified_communications_manager 11.5(1)su3
siemens operation_scheduler *
cisco unified_customer_voice_portal 11.6
cisco connected_analytics_for_network_deployment 006.004.000.003
cisco network_dashboard_fabric_controller 11.3(1)
cisco unified_sip_proxy 010.000(000)
cisco crosswork_data_gateway 3.0.0
cisco connected_analytics_for_network_deployment 008.000.000
cisco unified_contact_center_express 12.5(1)
cisco firepower_threat_defense 6.3.0
cisco unified_workforce_optimization *
cisco ucs_central_software 2.0(1h)
siemens 6bk1602-0aa12-0tp0_firmware *
cisco connected_analytics_for_network_deployment 007.003.003
cisco crosswork_network_controller 3.0.0
siemens xpedition_enterprise -
cisco unified_customer_voice_portal *
cisco ucs_director *
siemens siveillance_identity 1.5
siemens sppa-t3000_ses3000_firmware *
siemens mindsphere *
cisco crosswork_network_automation 2.0.0
siemens energyip_prepay 3.8
cisco crosswork_network_automation 4.1.0
cisco sd-wan_vmanage 20.5
cisco network_dashboard_fabric_controller 11.5(3)
cisco cloudcenter_suite_admin *
siemens spectrum_power_7 *
cisco automated_subsea_tuning 02.01.00
cisco cloudcenter_suite 5.5(0)
cisco prime_service_catalog 12.1
cisco wan_automation_engine 7.2.3
cisco cloudcenter_suite 5.5.0
cisco unified_sip_proxy 010.000(001)
intel sensor_solution_firmware_development_kit -
siemens energyip 9.0
cisco ucs_central_software 2.0(1l)
cisco video_surveillance_manager 7.14(1.26)
siemens 6bk1602-0aa42-0tp0_firmware *
cisco fxos 7.0.0
siemens vesys *
siemens desigo_cc_advanced_reports 4.1
cisco prime_service_catalog *
cisco business_process_automation *
cisco unified_customer_voice_portal 11.6(1)
siemens nx *
siemens captial *
siemens solid_edge_harness_design 2020
sonicwall email_security *
cisco dna_spaces:_connector *
siemens desigo_cc_info_center 5.0
siemens comos *
siemens spectrum_power_4 4.70
siemens industrial_edge_management *
cisco firepower_threat_defense 6.6.0
cisco webex_meetings_server 3.0
netapp ontap_tools -
cisco connected_analytics_for_network_deployment 007.002.000
cisco smart_phy 3.1.2
fedoraproject fedora 34
cisco enterprise_chat_and_email *
cisco finesse 12.6(1)
cisco evolved_programmable_network_manager *
cisco unified_customer_voice_portal 12.5
cisco ucs_central_software 2.0(1k)
cisco ucs_central *
cisco unified_customer_voice_portal 12.0(1)
siemens energyip_prepay 3.7
siemens solid_edge_cam_pro *
intel data_center_manager *
cisco emergency_responder *
cisco crosswork_zero_touch_provisioning 3.0.0
netapp solidfire_&_hci_storage_node -
cisco sd-wan_vmanage *
cisco evolved_programmable_network_manager 3.1
cisco sd-wan_vmanage 20.6.1
CVE-2021-45046 MEDIUM

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-917,CWE-917,

Products Affected

Vendor Product Version
siemens opcenter_intelligence *
siemens mendix *
siemens 6bk1602-0aa52-0tp0_firmware *
siemens siguard_dsa 4.2
siemens siguard_dsa 4.3
intel system_debugger -
siemens solid_edge_harness_design *
siemens siveillance_viewpoint *
siemens navigator *
intel audio_development_kit -
siemens e-car_operation_center *
siemens spectrum_power_7 2.30
siemens 6bk1602-0aa32-0tp0_firmware *
siemens desigo_cc_advanced_reports 5.1
siemens tracealertserverplus *
siemens operation_scheduler *
siemens energy_engage 3.1
siemens teamcenter *
siemens energyip 8.5
siemens 6bk1602-0aa12-0tp0_firmware *
apache log4j *
siemens energyip 8.7
siemens xpedition_enterprise -
debian debian_linux 11.0
siemens sipass_integrated 2.80
siemens desigo_cc_advanced_reports 4.2
siemens sipass_integrated 2.85
siemens siveillance_identity 1.5
siemens sentron_powermanager 4.1
siemens sppa-t3000_ses3000_firmware *
siemens mindsphere *
siemens desigo_cc_info_center 5.1
siemens energyip_prepay 3.8
siemens desigo_cc_advanced_reports 5.0
siemens spectrum_power_7 *
intel sensor_solution_firmware_development_kit -
siemens siveillance_identity 1.6
siemens energyip 9.0
siemens gma-manager *
siemens desigo_cc_advanced_reports 4.0
siemens 6bk1602-0aa42-0tp0_firmware *
siemens vesys *
apache log4j 2.0
siemens captial 2019.1
siemens desigo_cc_advanced_reports 4.1
siemens sentron_powermanager 4.2
siemens energyip 8.6
intel genomics_kernel_library -
siemens industrial_edge_management_hub *
intel system_studio -
siemens nx *
siemens 6bk1602-0aa22-0tp0_firmware *
siemens captial *
siemens solid_edge_harness_design 2020
siemens spectrum_power_4 *
sonicwall email_security *
intel datacenter_manager -
siemens siguard_dsa 4.4
fedoraproject fedora 35
siemens desigo_cc_info_center 5.0
siemens comos *
debian debian_linux 10.0
siemens spectrum_power_4 4.70
siemens industrial_edge_management *
siemens siveillance_control_pro *
siemens siveillance_vantage *
siemens head-end_system_universal_device_integration_system *
fedoraproject fedora 34
siemens siveillance_command *
siemens vesys 2019.1
intel oneapi -
intel secure_device_onboard -
intel computer_vision_annotation_tool -
siemens energyip_prepay 3.7
siemens logo!_soft_comfort *
siemens solid_edge_cam_pro *
siemens xpedition_package_integrator -
CVE-2021-45105 MEDIUM

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-674,CWE-20,CWE-674,

Products Affected

Vendor Product Version
oracle retail_eftlink 17.0.2
oracle hyperion_tax_provision *
oracle retail_price_management 14.0.4
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle retail_store_inventory_management 15.0.3.3
oracle identity_management_suite 12.2.1.3.0
oracle insurance_data_gateway 1.0.1
oracle retail_merchandising_system 16.0.3
oracle banking_platform 2.7.1
apache log4j *
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_interactive_session_recorder 6.4
oracle utilities_framework 4.4.0.3.0
oracle hospitality_token_proxy_service 19.2
oracle agile_engineering_data_management 6.2.1.0
oracle retail_financial_integration 14.1.3.2
oracle retail_integration_bus 14.1.3
oracle retail_store_inventory_management 14.1.3.5
oracle enterprise_manager_ops_center 12.4.0.0
oracle communications_diameter_signaling_router *
oracle healthcare_master_person_index 5.0.1
oracle retail_integration_bus 15.0.3.1
oracle retail_price_management 15.0.3.0
oracle retail_eftlink 18.0.1
oracle peoplesoft_enterprise_peopletools 8.59
oracle enterprise_manager_base_platform 13.5.0.0
oracle retail_service_backbone 19.0.0
oracle health_sciences_empirica_signal 9.2.0.0
oracle communications_messaging_server 8.1
oracle communications_eagle_element_management_system 46.6
oracle primavera_unifier 20.12
oracle primavera_unifier 19.12
oracle retail_predictive_application_server 15.0.3.115
oracle retail_store_inventory_management 14.0.4.13
oracle communications_convergence 3.0.3.0
oracle retail_financial_integration 19.0.1
oracle retail_data_extractor_for_merchandising 16.0.2
oracle retail_financial_integration *
oracle hospitality_suite8 8.14.0
oracle retail_store_inventory_management 14.1.3.14
oracle retail_customer_insights 15.0.2
oracle healthcare_translational_research 4.1.1
oracle retail_returns_management 14.1
oracle retail_service_backbone 14.1.3.2
oracle primavera_gateway *
oracle retail_order_broker 16.0
oracle health_sciences_inform 6.3.2.1
oracle communications_services_gatekeeper 7.0
oracle banking_payments 14.5
oracle health_sciences_inform 6.2.1.1
oracle communications_pricing_design_center 12.0.0.4
oracle retail_order_management_system 19.5
oracle communications_pricing_design_center 12.0.0.5
oracle sql_developer *
oracle retail_service_backbone 14.1.3
oracle retail_merchandising_system 19.0.1
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle webcenter_sites 12.2.1.4.0
oracle retail_integration_bus 19.0.1
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle retail_service_backbone 19.0.1
oracle agile_plm_mcad_connector 3.6
oracle communications_network_charging_and_control 6.0.1.0.0
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle retail_eftlink 21.0.0
oracle business_intelligence 5.5.0.0.0
oracle financial_services_model_management_and_governance 8.0.8.0.0
oracle jdeveloper 12.2.1.4.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle payment_interface 19.1
oracle retail_customer_insights 16.0.2
oracle hyperion_profitability_and_cost_management *
oracle communications_billing_and_revenue_management 12.0.0.5
oracle financial_services_model_management_and_governance 8.1.1.0.0
oracle retail_invoice_matching 16.0.3
oracle e-business_suite 12.2
oracle retail_service_backbone *
oracle flexcube_universal_banking *
netapp cloud_manager -
debian debian_linux 10.0
oracle webcenter_portal 12.2.1.4.0
oracle insurance_insbridge_rating_and_underwriting 5.2.0
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle webcenter_sites 12.2.1.3.0
oracle retail_back_office 14.1
oracle banking_platform 2.6.2
oracle retail_price_management 16.0.3.0
oracle communications_network_charging_and_control *
oracle communications_ip_service_activator 7.4.0
oracle communications_session_report_manager *
oracle insurance_insbridge_rating_and_underwriting *
oracle communications_cloud_native_core_policy 1.15.0
oracle flexcube_universal_banking 14.5
oracle communications_evolved_communications_application_server 7.1
sonicwall network_security_manager *
oracle communications_performance_intelligence_center 10.4.0.3
sonicwall 6bk1602-0aa52-0tp0_firmware *
sonicwall 6bk1602-0aa12-0tp0_firmware *
oracle hospitality_suite8 8.13.0
oracle retail_eftlink 16.0.3
oracle banking_party_management 2.7.0
oracle healthcare_foundation *
oracle retail_predictive_application_server 14.1.3.46
oracle banking_enterprise_default_management 2.12.0
oracle communications_convergence 3.0.2.2.0
oracle webcenter_portal 12.2.1.3.0
oracle retail_price_management 13.2
sonicwall 6bk1602-0aa22-0tp0_firmware *
sonicwall 6bk1602-0aa42-0tp0_firmware *
oracle communications_network_integrity 7.3.6
oracle hyperion_bi+ *
oracle communications_unified_inventory_management 7.4.1
debian debian_linux 11.0
oracle financial_services_model_management_and_governance 8.1.0.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle primavera_unifier 18.8
oracle utilities_framework 4.4.0.2.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle communications_webrtc_session_controller 7.2.1
oracle retail_financial_integration 15.0.3.1
oracle communications_convergent_charging_controller *
oracle weblogic_server 12.2.1.4.0
oracle hyperion_infrastructure_technology *
oracle flexcube_universal_banking 11.83.3
oracle communications_convergent_charging_controller 6.0.1.0.0
oracle instantis_enterprisetrack 17.3
oracle communications_unified_inventory_management 7.3.5
oracle data_integrator 12.2.1.3.0
oracle retail_order_broker 19.1
oracle siebel_ui_framework *
oracle weblogic_server 14.1.1.0.0
oracle retail_store_inventory_management 16.0.3.7
oracle health_sciences_inform 7.0.0.0
oracle retail_store_inventory_management 15.0.3.8
oracle enterprise_manager_for_peoplesoft 13.5.1.1
oracle retail_eftlink 19.0.1
oracle identity_manager_connector 9.1.0
oracle primavera_unifier 21.12
oracle communications_unified_inventory_management 7.4.2
oracle taleo_platform *
oracle utilities_framework 4.4.0.0.0
oracle retail_service_backbone 19.0.1.0
oracle retail_price_management 14.1.3.0
oracle data_integrator 12.2.1.4.0
oracle banking_deposits_and_lines_of_credit_servicing 2.12.0
oracle retail_integration_bus *
oracle retail_data_extractor_for_merchandising 15.0.2
oracle communications_user_data_repository 12.4
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle retail_integration_bus 14.1.3.2
oracle enterprise_manager_for_peoplesoft 13.4.1.1
oracle banking_enterprise_default_management 2.7.1
oracle peoplesoft_enterprise_peopletools 8.58
oracle managed_file_transfer 12.2.1.3.0
oracle healthcare_data_repository 8.1.1
sonicwall web_application_firewall *
oracle instantis_enterprisetrack 17.2
oracle communications_cloud_native_core_console 1.9.0
oracle communications_session_route_manager *
oracle banking_treasury_management 14.5
oracle healthcare_translational_research 4.1.0
oracle retail_central_office 14.1
sonicwall 6bk1602-0aa32-0tp0_firmware *
oracle banking_trade_finance 14.5
oracle retail_financial_integration 19.0.0
oracle hyperion_data_relationship_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle health_sciences_empirica_signal 9.1.0.6
oracle utilities_framework *
oracle retail_invoice_matching 15.0.3
oracle identity_management_suite 12.2.1.4.0
oracle retail_point-of-service 14.1
oracle weblogic_server 12.2.1.3.0
oracle communications_element_manager *
oracle instantis_enterprisetrack 17.1
oracle communications_webrtc_session_controller 7.2.0.0
oracle retail_predictive_application_server 16.0.3.240
oracle payment_interface 20.3
oracle communications_billing_and_revenue_management 12.0.0.4
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle retail_order_broker 18.0
oracle retail_eftlink 20.0.1
oracle communications_asap 7.3
oracle hyperion_planning *
oracle communications_interactive_session_recorder 6.3
oracle managed_file_transfer 12.2.1.4.0
sonicwall email_security *
oracle mysql_enterprise_monitor *
oracle banking_loans_servicing 2.12.0
oracle management_cloud_engine 1.5.0
oracle health_sciences_information_manager *
oracle primavera_gateway 21.12.0
oracle communications_service_broker 6.2
oracle retail_integration_bus 19.0.0
oracle agile_plm 9.3.6
oracle retail_service_backbone 15.0.3.1
oracle banking_platform 2.12.0
CVE-2022-0847 HIGH

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-665,CWE-665,

Products Affected

Vendor Product Version
netapp h410c_firmware -
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.2
netapp h410s_firmware -
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
siemens scalance_lpe9403_firmware *
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
fedoraproject fedora 35
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_real_time 8
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_for_real_time_for_nfv 8
redhat virtualization_host 4.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat codeready_linux_builder -
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
netapp h300s_firmware -
netapp h700s_firmware -
netapp h500s_firmware -
linux linux_kernel *
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
netapp h500e_firmware -
netapp h700e_firmware -
redhat enterprise_linux_for_real_time_for_nfv_tus 8.2
redhat enterprise_linux_for_real_time_for_nfv_tus 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
sonicwall sma1000_firmware *
netapp h300e_firmware -
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_real_time_tus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_server_tus 8.2
ovirt ovirt-engine 4.4.10.2
redhat enterprise_linux_for_real_time_tus 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
CVE-2022-1701 MEDIUM

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-798,

Products Affected

Vendor Product Version
sonicwall sma_7200_firmware 12.4.0
sonicwall sma_7210_firmware 12.4.1
sonicwall sma_8000v_firmware 12.4.1
sonicwall sma_6200_firmware 12.4.1
sonicwall sma_6210_firmware 12.4.1
sonicwall sma_7200_firmware 12.4.1
sonicwall sma_6210_firmware 12.4.0
sonicwall sma_8000v_firmware 12.4.0
sonicwall sma_7210_firmware 12.4.0
sonicwall sma_6200_firmware 12.4.0
CVE-2022-1702 MEDIUM

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
sonicwall sma_7200_firmware 12.4.0
sonicwall sma_7210_firmware 12.4.1
sonicwall sma_8000v_firmware 12.4.1
sonicwall sma_6200_firmware 12.4.1
sonicwall sma_6210_firmware 12.4.1
sonicwall sma_7200_firmware 12.4.1
sonicwall sma_6210_firmware 12.4.0
sonicwall sma_8000v_firmware 12.4.0
sonicwall sma_7210_firmware 12.4.0
sonicwall sma_6200_firmware 12.4.0
CVE-2022-1703 HIGH

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
CVE-2022-22273 HIGH

Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sra_4200_firmware *
sonicwall sma_500v_firmware *
sonicwall sra_4600_firmware *
sonicwall sma_410_firmware *
sonicwall sra_1200_firmware *
sonicwall sra_1600_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2022-22274 HIGH

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicosv *
CVE-2022-22275 MEDIUM

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2022-22276 MEDIUM

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
sonicwall tz500w_firmware *
sonicwall nsv_100_firmware *
sonicwall tz300w_firmware *
sonicwall nsv_10_firmware *
sonicwall tz600_firmware *
sonicwall nssp_11700_firmware *
sonicwall tz350w_firmware *
sonicwall nsv_200_firmware *
sonicwall tz570w_firmware *
sonicwall nssp_12800_firmware *
sonicwall nsa_4700_firmware *
sonicwall tz350_firmware *
sonicwall tz400w_firmware *
sonicwall nssp_13700_firmware *
sonicwall tz370_firmware *
sonicwall tz300p_firmware *
sonicwall nsv_870_firmware *
sonicwall nsa_4650_firmware *
sonicwall nsa_9650_firmware *
sonicwall nsa_5650_firmware *
sonicwall nssp_10700_firmware *
sonicwall nsv_470_firmware *
sonicwall nssp_12400_firmware *
sonicwall nsa_9250_firmware *
sonicwall nsv_25_firmware *
sonicwall tz370w_firmware *
sonicwall nsa_3650_firmware *
sonicwall tz570_firmware *
sonicwall nssp_15700_firmware *
sonicwall nsv_50_firmware *
sonicwall nsa_2650_firmware *
sonicwall tz470_firmware *
sonicwall nsa_3700_firmware *
sonicwall tz400_firmware *
sonicwall nsa_6700_firmware *
sonicwall nsv_800_firmware *
sonicwall nsa_2700_firmware *
sonicwall nsv_400_firmware *
sonicwall tz470w_firmware *
sonicwall nsa_5700_firmware *
sonicwall tz670_firmware *
sonicwall tz570p_firmware *
sonicwall nsa_9450_firmware *
sonicwall tz600p_firmware *
sonicwall nsv_300_firmware *
sonicwall tz500_firmware *
sonicwall nsv_270_firmware *
sonicwall nsv_1600_firmware *
sonicwall nsa_6650_firmware *
CVE-2022-22277 MEDIUM

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
sonicwall tz500w_firmware *
sonicwall tz400w_firmware 7.0.0
sonicwall nsv_100_firmware *
sonicwall tz300w_firmware *
sonicwall nsa_9250_firmware 7.0.0
sonicwall nsv_10_firmware *
sonicwall tz600_firmware *
sonicwall tz370w_firmware 7.0.0
sonicwall tz500_firmware 7.0.0
sonicwall tz350w_firmware 7.0.0
sonicwall tz570_firmware 7.0.0
sonicwall nssp_11700_firmware *
sonicwall tz350w_firmware *
sonicwall nsv_200_firmware *
sonicwall tz570w_firmware *
sonicwall nsa_6650_firmware 7.0.0
sonicwall nssp_12800_firmware *
sonicwall tz570w_firmware 7.0.0
sonicwall nsa_4700_firmware *
sonicwall tz350_firmware *
sonicwall tz400w_firmware *
sonicwall nssp_13700_firmware *
sonicwall tz370_firmware *
sonicwall tz300p_firmware *
sonicwall nsv_870_firmware *
sonicwall nsa_4650_firmware *
sonicwall tz370_firmware 7.0.0
sonicwall tz570p_firmware 7.0.0
sonicwall nsa_3700_firmware 7.0.0
sonicwall tz470w_firmware 7.0.0
sonicwall nsa_9650_firmware *
sonicwall tz300p_firmware 7.0.0
sonicwall nsa_5650_firmware *
sonicwall nsa_2650_firmware 7.0.0
sonicwall nssp_10700_firmware *
sonicwall nsv_470_firmware *
sonicwall tz300w_firmware 7.0.0
sonicwall nsa_9450_firmware 7.0.0
sonicwall tz500w_firmware 7.0.0
sonicwall nssp_12400_firmware *
sonicwall nsa_9250_firmware *
sonicwall tz470_firmware 7.0.0
sonicwall nsv_25_firmware *
sonicwall tz370w_firmware *
sonicwall nsa_3650_firmware *
sonicwall tz570_firmware *
sonicwall nsa_5650_firmware 7.0.0
sonicwall nssp_15700_firmware *
sonicwall nsv_50_firmware *
sonicwall nsa_2650_firmware *
sonicwall tz470_firmware *
sonicwall nsa_3700_firmware *
sonicwall tz400_firmware *
sonicwall nsa_6700_firmware *
sonicwall tz350_firmware 7.0.0
sonicwall nsv_800_firmware *
sonicwall nsa_2700_firmware *
sonicwall nsa_5700_firmware 7.0.0
sonicwall tz400_firmware 7.0.0
sonicwall tz670_firmware 7.0.0
sonicwall nsv_400_firmware *
sonicwall tz470w_firmware *
sonicwall nsa_5700_firmware *
sonicwall tz670_firmware *
sonicwall nsa_2700_firmware 7.0.0
sonicwall tz570p_firmware *
sonicwall nsa_9450_firmware *
sonicwall tz600p_firmware *
sonicwall nsa_4650_firmware 7.0.0
sonicwall nsv_300_firmware *
sonicwall tz600_firmware 7.0.0
sonicwall nsa_9650_firmware 7.0.0
sonicwall tz500_firmware *
sonicwall nsv_270_firmware *
sonicwall nsa_3650_firmware 7.0.0
sonicwall nsa_4700_firmware 7.0.0
sonicwall nsa_6700_firmware 7.0.0
sonicwall nsv_1600_firmware *
sonicwall nsa_6650_firmware *
sonicwall tz600p_firmware 7.0.0
CVE-2022-22278 MEDIUM

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
sonicwall tz500w_firmware *
sonicwall nsv_100_firmware *
sonicwall tz300w_firmware *
sonicwall nsv_10_firmware *
sonicwall tz600_firmware *
sonicwall nssp_11700_firmware *
sonicwall tz350w_firmware *
sonicwall nsv_200_firmware *
sonicwall tz570w_firmware *
sonicwall nssp_12800_firmware *
sonicwall nsa_4700_firmware *
sonicwall tz350_firmware *
sonicwall tz400w_firmware *
sonicwall nssp_13700_firmware *
sonicwall tz370_firmware *
sonicwall tz300p_firmware *
sonicwall nsv_870_firmware *
sonicwall nsa_4650_firmware *
sonicwall nsa_9650_firmware *
sonicwall nsa_5650_firmware *
sonicwall nssp_10700_firmware *
sonicwall nsv_470_firmware *
sonicwall nssp_12400_firmware *
sonicwall nsa_9250_firmware *
sonicwall nsv_25_firmware *
sonicwall tz370w_firmware *
sonicwall nsa_3650_firmware *
sonicwall tz570_firmware *
sonicwall nssp_15700_firmware *
sonicwall nsv_50_firmware *
sonicwall nsa_2650_firmware *
sonicwall tz470_firmware *
sonicwall nsa_3700_firmware *
sonicwall tz400_firmware *
sonicwall nsa_6700_firmware *
sonicwall nsv_800_firmware *
sonicwall nsa_2700_firmware *
sonicwall nsv_400_firmware *
sonicwall tz470w_firmware *
sonicwall nsa_5700_firmware *
sonicwall tz670_firmware *
sonicwall tz570p_firmware *
sonicwall nsa_9450_firmware *
sonicwall tz600p_firmware *
sonicwall nsv_300_firmware *
sonicwall tz500_firmware *
sonicwall nsv_270_firmware *
sonicwall nsv_1600_firmware *
sonicwall nsa_6650_firmware *
CVE-2022-22279 MEDIUM

A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
sonicwall sra_4200_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sra_1200_firmware *
sonicwall sma_210_firmware *
CVE-2022-22280

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.1
CVE-2022-22281 HIGH

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-120,

Products Affected

Vendor Product Version
sonicwall netextender *
CVE-2022-22282 HIGH

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
sonicwall sma_7200_firmware 12.4.0
sonicwall sma_7210_firmware 12.4.1
sonicwall sma_8000v_firmware 12.4.1
sonicwall sma_6200_firmware 12.4.1
sonicwall sma_6210_firmware 12.4.1
sonicwall sma_7200_firmware 12.4.1
sonicwall sma_6210_firmware 12.4.0
sonicwall sma_8000v_firmware 12.4.0
sonicwall sma_7210_firmware 12.4.0
sonicwall sma_6200_firmware 12.4.0
CVE-2022-2323

Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sonicwall sws12-8_firmware *
sonicwall sws14-24_firmware *
sonicwall sws14-48_firmware *
sonicwall sws14-24fpoe_firmware *
sonicwall sws14-48fpoe_firmware *
sonicwall sws12-10fpoe_firmware *
sonicwall sws12-8poe_firmware *
CVE-2022-2324

Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
sonicwall email_security *
sonicwall hosted_email_security *
CVE-2022-2915

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2022-47522

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

Products Affected

Vendor Product Version
sonicwall tz600_firmware -
sonicwall tz500w_firmware -
sonicwall soho_250_firmware -
sonicwall sonicwave_681_firmware -
sonicwall tz570p_firmware -
sonicwall tz600p_firmware -
sonicwall tz570_firmware -
sonicwall tz370_firmware -
sonicwall sonicwave_641_firmware -
sonicwall tz500_firmware -
sonicwall tz350_firmware -
ieee ieee_802.11 *
sonicwall tz400_firmware -
sonicwall tz570w_firmware -
sonicwall sonicwave_231c_firmware -
sonicwall tz370w_firmware -
sonicwall tz300w_firmware -
sonicwall sonicwave_224w_firmware -
sonicwall sonicwave_621_firmware -
sonicwall soho_250w_firmware -
sonicwall tz670_firmware -
sonicwall tz470w_firmware -
sonicwall tz270_firmware -
sonicwall tz300p_firmware -
sonicwall tz350w_firmware -
sonicwall tz400w_firmware -
sonicwall sonicwave_432o_firmware -
sonicwall tz470_firmware -
sonicwall tz270w_firmware -
sonicwall tz300_firmware -
CVE-2023-0126

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.

Products Affected

Vendor Product Version
sonicwall sma1000_firmware 12.4.2
CVE-2023-0655

SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sonicwall email_security *
CVE-2023-0656

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-1101

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-34123

Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics 2.5.0.4-r7
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34125

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34126

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34129

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34131

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34132

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34133

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34134

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34135

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34136

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-34137

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Products Affected

Vendor Product Version
sonicwall analytics *
sonicwall global_management_system *
sonicwall global_management_system 9.3.2
CVE-2023-39276

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-39277

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-39278

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-39279

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-39280

SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-41711

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-41712

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-41713

SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-41715

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2023-44217

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
sonicwall netextender *
CVE-2023-44218

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
PSIRT@sonicwall.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sonicwall netextender *
CVE-2023-44219

A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
sonicwall directory_services_connector *
CVE-2023-44220

SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
sonicwall netextender *
CVE-2023-44221

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2023-5970

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2023-6340

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
sonicwall netextender *
sonicwall capture_client *
CVE-2024-22394

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication.  This issue affects only firmware version SonicOS 7.1.1-7040.

Products Affected

Vendor Product Version
sonicwall sonicos 7.1.1-7040
CVE-2024-22395

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
PSIRT@sonicwall.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2024-29012

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2024-29013

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2024-29014

Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.

Products Affected

Vendor Product Version
sonicwall netextender *
CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Products Affected

Vendor Product Version
broadcom brocade_sannav -
sonicwall sonicos -
broadcom fabric_operating_system -
freeradius freeradius *
CVE-2024-38475

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.

Products Affected

Vendor Product Version
netapp ontap_9 -
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
apache http_server *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2024-40763

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2024-40764

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2024-45318

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2024-45319

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2024-53702

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2024-53703

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sonicwall sonicos *
sonicwall sonicos 7.1.2-7019
sonicwall sonicos 8.0.0-8035
CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
netapp a9500_firmware -
netapp a900_firmware -
netapp a90_firmware -
netapp fas2820_firmware -
sonicwall sra_ex_7000_firmware -
apple macos *
netapp fas2720_firmware -
freebsd freebsd 13.2
netapp ontap_select_deploy_administration_utility -
netapp c250_firmware -
freebsd freebsd 13.3
openbsd openssh 4.4
netbsd netbsd *
netapp c190_firmware -
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
netapp c400_firmware -
netapp 8300_firmware -
netapp c800_firmware -
almalinux almalinux 9.0
openbsd openssh 8.6
netapp a70_firmware -
netapp ontap_tools 10
openbsd openssh *
canonical ubuntu_linux 22.10
openbsd openssh 8.5
canonical ubuntu_linux 23.04
sonicwall sma_6210_firmware -
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat openshift_container_platform 4.0
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
freebsd freebsd 14.1
netapp a250_firmware -
netapp active_iq_unified_manager -
sonicwall sma_6200_firmware -
netapp a150_firmware -
canonical ubuntu_linux 24.04
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
netapp bootstrap_os -
netapp a220_firmware -
canonical ubuntu_linux 23.10
netapp a800_firmware -
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_server_aus 9.4
canonical ubuntu_linux 22.04
netapp fas2750_firmware -
debian debian_linux 12.0
sonicwall sma_8200v_firmware -
netapp a700s_firmware -
netapp a1k_firmware -
netapp ontap 9
suse linux_enterprise_micro 6.0
amazon amazon_linux 2023.0
netapp 8700_firmware -
netapp 500f_firmware -
freebsd freebsd 14.0
redhat enterprise_linux_eus 9.4
sonicwall sma_7210_firmware -
netapp a400_firmware -
arista eos *
sonicwall sma_7200_firmware -
redhat enterprise_linux 9.0
netapp e-series_santricity_os_controller *
amazon linux_2023 -
netapp ontap_tools 9
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
CVE-2025-2170

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7

Products Affected

Vendor Product Version
sonicwall sma1000_firmware *
CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sonicwall sra_ex7000_firmware *
sonicwall sma7200_firmware *
sonicwall sma7210_firmware *
sonicwall sra_ex9000_firmware *
sonicwall sma8200v *
sonicwall sma6210_firmware *
sonicwall sra_ex6000_firmware *
sonicwall sma6200_firmware *
CVE-2025-32819

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2025-32820

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H 1.6 5.5
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
sonicwall sma_100_firmware *
sonicwall sma_400_firmware *
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
sonicwall sma_200_firmware *
CVE-2025-40596

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
CVE-2025-40597

A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
CVE-2025-40598

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
CVE-2025-40599

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
CVE-2025-40600

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2025-40601

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2025-40602

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
sonicwall sma7200_firmware *
sonicwall sma7210_firmware *
sonicwall sma8200v *
sonicwall sma6210_firmware *
sonicwall sma6200_firmware *
CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
sonicwall sma_500v_firmware *
sonicwall sma_410_firmware *
sonicwall sma_210_firmware *
CVE-2025-40604

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
sonicwall email_security_appliance_7050_firmware *
sonicwall email_security_appliance_5000_firmware *
sonicwall email_security_appliance_9000_firmware *
sonicwall email_security_appliance_7000_firmware *
sonicwall email_security_appliance_5050_firmware *
CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sonicwall email_security_appliance_7050_firmware *
sonicwall email_security_appliance_5000_firmware *
sonicwall email_security_appliance_9000_firmware *
sonicwall email_security_appliance_7000_firmware *
sonicwall email_security_appliance_5050_firmware *
CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2026-0401

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2026-0402

A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
sonicwall sonicos *
CVE-2026-3439

A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.

Products Affected

Vendor Product Version
sonicwall sonicos *