SonicWall Firewall and Security firm
Known Exploited SonicWall Vulnerabilities
The following SonicWall vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
SonicWall SMA100 Appliances OS Command Injection Vulnerability | SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user. CVE-2023-44221 Exploit Probability: 43.4% | May 1, 2025 |
SonicWall SMA100 Appliances OS Command Injection Vulnerability | SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. CVE-2021-20035 Exploit Probability: 14.0% | April 16, 2025 |
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability | SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. CVE-2024-53704 Exploit Probability: 93.8% | February 18, 2025 |
SonicWall SMA1000 Appliances Deserialization Vulnerability | SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands. CVE-2025-23006 Exploit Probability: 49.8% | January 24, 2025 |
SonicWall SonicOS Improper Access Control Vulnerability | SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. CVE-2024-40766 Exploit Probability: 18.3% | September 9, 2024 |
SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability | SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. CVE-2021-20028 Exploit Probability: 85.9% | March 28, 2022 |
SonicWall SMA100 Directory Traversal Vulnerability | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. CVE-2019-7483 Exploit Probability: 44.9% | March 28, 2022 |
SonicWall SonicOS Buffer Overflow Vulnerability | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. CVE-2020-5135 Exploit Probability: 49.5% | March 15, 2022 |
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. CVE-2021-20038 Exploit Probability: 94.3% | January 28, 2022 |
SonicWall Email Security Privilege Escalation Exploit Chain | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. CVE-2021-20021 Exploit Probability: 85.0% | November 3, 2021 |
SonicWall SMA100 9.0.0.3 and Earlier SQL Injection | Vulnerability in SonicWall SMA100 versions 9.0.0.3 and earlier allows an unauthenticated user to gain read-only access to unauthorized resources. CVE-2019-7481 Exploit Probability: 94.4% | November 3, 2021 |
SonicWall Email Security Privilege Escalation Exploit Chain | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. CVE-2021-20022 Exploit Probability: 46.3% | November 3, 2021 |
SonicWall Email Security Privilege Escalation Exploit Chain | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. CVE-2021-20023 Exploit Probability: 67.2% | November 3, 2021 |
SonicWall SSL VPN SMA100 SQL Injection Vulnerability | Allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information in SMA100 build version 10.x. CVE-2021-20016 Exploit Probability: 80.4% | November 3, 2021 |
Of the known exploited vulnerabilities above, 6 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited SonicWall vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2025 there have been 2 vulnerabilities in SonicWall with an average score of 9.8 out of ten. Last year, in 2024, SonicWall had 6 security vulnerabilities published. Right now, SonicWall is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 1.95.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 2 | 9.80 |
2024 | 6 | 7.85 |
2023 | 20 | 8.04 |
2022 | 5 | 8.08 |
2021 | 19 | 7.90 |
2020 | 15 | 7.01 |
2019 | 21 | 8.25 |
2018 | 3 | 6.90 |
It may take a day or so for new SonicWall vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent SonicWall Security Vulnerabilities
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface
CVE-2025-2170
- April 30, 2025
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.
SSRF
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC)
CVE-2025-23006
9.8 - Critical
- January 23, 2025
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
Marshaling, Unmarshaling
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions
CVE-2024-29014
8.8 - High
- July 18, 2024
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to achieve arbitrary code execution when processing an EPC Client update.
Code Injection
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who
CVE-2024-3596
9 - Critical
- July 09, 2024
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Improper Validation of Integrity Check Value
Stack-based buffer overflow vulnerability in the SonicOS HTTP server
CVE-2024-29012
7.5 - High
- June 20, 2024
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
Memory Corruption
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN
CVE-2024-29013
6.5 - Medium
- June 20, 2024
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
Memory Corruption
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could
CVE-2024-22394
9.8 - Critical
- February 08, 2024
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.
Authentication
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver
CVE-2023-6340
5.5 - Medium
- January 18, 2024
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.
Memory Corruption
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component
CVE-2023-44220
7.3 - High
- October 27, 2023
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
DLL preloading
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges
CVE-2023-44218
7.8 - High
- October 03, 2023
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions
CVE-2023-44217
7.8 - High
- October 03, 2023
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages
CVE-2023-34131
5.3 - Medium
- July 13, 2023
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks
CVE-2023-34132
9.8 - Critical
- July 13, 2023
Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics
CVE-2023-34133
7.5 - High
- July 13, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
SQL Injection
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics
CVE-2023-34134
6.5 - Medium
- July 13, 2023
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to read the administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Vulnerability in SonicWall GMS and Analytics
CVE-2023-34136
9.8 - Critical
- July 13, 2023
Vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Unrestricted File Upload
SonicWall GMS and Analytics CAS Web Services application uses static values for authentication without proper checks, leading to an authentication bypass vulnerability
CVE-2023-34137
9.8 - Critical
- July 13, 2023
SonicWall GMS and Analytics CAS Web Services application uses static values for authentication without proper checks, leading to an authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Authentication
Path Traversal vulnerability in SonicWall GMS and Analytics
CVE-2023-34135
6.5 - Medium
- July 13, 2023
Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Directory traversal
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics
CVE-2023-34129
8.8 - High
- July 13, 2023
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Directory traversal
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data
CVE-2023-34130
9.8 - Critical
- July 13, 2023
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Use of a Broken or Risky Cryptographic Algorithm
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file
CVE-2023-34128
9.8 - Critical
- July 13, 2023
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Insufficiently Protected Credentials
Path Traversal vulnerability in GMS and Analytics
CVE-2023-34125
6.5 - Medium
- July 13, 2023
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Directory traversal
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS
CVE-2023-34127
8.8 - High
- July 13, 2023
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Shell injection
Vulnerability in SonicWall GMS and Analytics
CVE-2023-34126
8.8 - High
- July 13, 2023
Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Unrestricted File Upload
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass
CVE-2023-34124
9.8 - Critical
- July 13, 2023
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Authentication
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics
CVE-2023-34123
7.5 - High
- July 13, 2023
Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Use of Hard-coded Credentials
SonicWall Email Security contains a vulnerability
CVE-2023-0655
5.3 - Medium
- February 14, 2023
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users' email addresses.
Generation of Error Message Containing Sensitive Information
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which
CVE-2023-0126
7.5 - High
- January 19, 2023
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.
Directory traversal
SonicWall GMS is vulnerable to file path manipulation resulting
CVE-2021-20030
7.5 - High
- October 13, 2022
SonicWall GMS is vulnerable to file path manipulation, as a result of which an unauthenticated attacker can gain access to a web directory containing the application's binaries and configuration files.
Directory traversal
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance
CVE-2022-2324
7.5 - High
- July 29, 2022
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions.
Authentication Bypass by Spoofing
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability
CVE-2022-22280
9.8 - Critical
- July 29, 2022
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
SQL Injection
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions
CVE-2022-22281
7.8 - High
- May 13, 2022
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions allows an attacker to potentially execute arbitrary code in the host Windows operating system.
Classic Buffer Overflow
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components
CVE-2021-20051
7.8 - High
- May 04, 2022
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
DLL preloading
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect
CVE-2021-45105
5.9 - Medium
- December 18, 2021
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Improper Input Validation
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations
CVE-2021-45046
9 - Critical
- December 14, 2021
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data, when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC), to craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
EL Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2
CVE-2021-44228
10 - Critical
- December 10, 2021
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Improper Input Validation
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability
CVE-2021-20047
7.8 - High
- December 08, 2021
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.
DLL preloading
An improper access control vulnerability in SMA100
CVE-2021-20034
9.1 - Critical
- September 27, 2021
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
Directory traversal
Improper neutralization of special elements in the SMA100 management interface
CVE-2021-20035
6.5 - Medium
- September 27, 2021
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
Shell injection
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially
CVE-2021-20037
7.8 - High
- September 21, 2021
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
Incorrect Default Permissions
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability
CVE-2021-20032
9.8 - Critical
- August 10, 2021
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier.
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this
CVE-2021-20019
7.5 - High
- June 23, 2021
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request; this can potentially lead to an internal sensitive data disclosure vulnerability.
Buffer Overflow
A vulnerability in the SonicWall NSM On-Prem product
CVE-2021-20026
8.8 - High
- May 27, 2021
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions.
Shell injection
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password
CVE-2021-20025
7.8 - High
- May 13, 2021
SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance remotely only when the device is freshly installed and not connected to Mysonicwall.
Use of Hard-coded Credentials
SonicWall Email Security version 10.0.9.x contains a vulnerability
CVE-2021-20023
4.9 - Medium
- April 20, 2021
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
Directory traversal
A command execution vulnerability in SonicWall GMS 9.3
CVE-2021-20020
9.8 - Critical
- April 10, 2021
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
Authentication
A vulnerability in the SonicWall Email Security version 10.0.9.x
CVE-2021-20021
9.8 - Critical
- April 09, 2021
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
Improper Privilege Management
SonicWall Email Security version 10.0.9.x contains a vulnerability
CVE-2021-20022
7.2 - High
- April 09, 2021
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
Unrestricted File Upload
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client
CVE-2021-3449
5.9 - Medium
- March 25, 2021
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
NULL Pointer Dereference
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain
CVE-2021-3450
7.4 - High
- March 25, 2021
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
Improper Certificate Validation