SonicWall Sonicos
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in SonicWall Sonicos.
Known Exploited SonicWall Sonicos Vulnerabilities
The following SonicWall Sonicos vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| SonicWall SonicOS SSLVPN Improper Authentication Vulnerability |
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. CVE-2024-53704 Exploit Probability: 93.9% |
February 18, 2025 |
| SonicWall SonicOS Improper Access Control Vulnerability |
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. CVE-2024-40766 Exploit Probability: 3.4% |
September 9, 2024 |
| SonicWall SonicOS Buffer Overflow Vulnerability |
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. CVE-2020-5135 Exploit Probability: 25.0% |
March 15, 2022 |
The vulnerability CVE-2024-53704: SonicWall SonicOS SSLVPN Improper Authentication Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2020-5135: SonicWall SonicOS Buffer Overflow Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 5 vulnerabilities in SonicWall Sonicos with an average score of 4.9 out of ten. Last year, in 2025 Sonicos had 9 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Sonicos in 2026 could surpass last years number. Last year, the average CVE base score was greater by 2.95
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 4.90 |
| 2025 | 9 | 7.85 |
| 2024 | 8 | 8.27 |
| 2023 | 11 | 7.10 |
| 2022 | 2 | 0.00 |
| 2021 | 5 | 6.65 |
| 2020 | 13 | 6.83 |
| 2019 | 15 | 7.38 |
It may take a day or so for new Sonicos vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SonicWall Sonicos Security Vulnerabilities
SonicOS Stack-Based Buffer Overflow in Cert Handling Enables Crash
CVE-2026-3439
4.9 - Medium
- March 04, 2026
A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.
Stack Overflow
SonicOS Post-Auth OOB Read Crash Vulnerability
CVE-2026-0402
- February 24, 2026
A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.
Out-of-bounds Read
NULL Pointer Deref in SonicOS Firewall PostAuth Crash Vulnerability
CVE-2026-0401
- February 24, 2026
A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.
NULL Pointer Dereference
SonicOS Post-Auth Format String Crash CVE-2026-0400
CVE-2026-0400
- February 24, 2026
A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.
Use of Externally-Controlled Format String
SonicOS API stack buffer overflow (post-auth)
CVE-2026-0399
- February 24, 2026
Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.
Stack Overflow
SonicOS SSLVPN Buffer Overflow Remote Unauth DoS
CVE-2025-40601
7.5 - High
- November 20, 2025
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
Stack Overflow
SonicOS SSL VPN Format String Causing DoS
CVE-2025-40600
- July 29, 2025
Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.
Use of Externally-Controlled Format String
SonicOS SSLVPN Virtual Office NPE in SSLVPN Interface allows Remote DoS
CVE-2025-32818
- April 23, 2025
A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.
NULL Pointer Dereference
SonicOS CLI Buffer Overflow Enables Remote Crash
CVE-2024-12803
- January 09, 2025
A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
Stack Overflow
SonicOS Post-Auth Format String Vulnerability Enables Crash & RCE
CVE-2024-12805
- January 09, 2025
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
Use of Externally-Controlled Format String
SonicOS Admin Absolute Path Traversal Enables Post-Auth File Read
CVE-2024-12806
- January 09, 2025
A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.
Path Traversal: '/absolute/pathname/here'
Integer Overflow in SonicOS IPSec (IKEv2) Remote DoS/Exec
CVE-2024-40765
- January 09, 2025
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
Integer Overflow or Wraparound
Improper Auth in SSLVPN auth bypass vulnerability
CVE-2024-53704
8.2 - High
- January 09, 2025
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
authentification
SSRF in SonicOS SSH Mgmt Enables Remote TCP Connections
CVE-2024-53705
- January 09, 2025
A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
SSRF
SonicWall SonicOS 7.0.1-5035 MM Access Control Vulnerability
CVE-2024-40766
9.3 - Critical
- August 23, 2024
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Authorization
SonicOS IPSec VPN Heap Overflow DoS
CVE-2024-40764
7.5 - High
- July 18, 2024
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
Memory Corruption
RADIUS MD5 Response Authenticator Forgery via Chosen-Prefix Collision
CVE-2024-3596
9 - Critical
- July 09, 2024
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
SonicOS HTTP Server Stack Overflow Causing DoS (CVE-2024-29012)
CVE-2024-29012
7.5 - High
- June 20, 2024
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
Memory Corruption
Heap BOverflow in SonicOS SSLVPN memcpy Causing DoS
CVE-2024-29013
6.5 - Medium
- June 20, 2024
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
Memory Corruption
SonicOS IPSec IKEv2 Int Buffer Overflow
CVE-2024-22396
- March 14, 2024
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
Integer Overflow or Wraparound
SonicOS SSLVPN Portal XSS for Authenticated Admin Users
CVE-2024-22397
- March 14, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.
XSS
Improper Auth Bypass in SonicWall SonicOS 7.1.1-7040 SSL-VPN
CVE-2024-22394
9.8 - Critical
- February 08, 2024
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.
authentification
SonicOS Buffer Overflow in sonicflow.csv causes firewall crash
CVE-2023-39277
6.5 - Medium
- October 17, 2023
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
Memory Corruption
SonicOS POST Auth Stack Buffer Overflow in ssoStats-s.xml/wri
CVE-2023-39280
6.5 - Medium
- October 17, 2023
SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
Memory Corruption
SonicOS getPacketReplayData.JSON SB-Buffer Overflow Crashes Firewall
CVE-2023-39279
6.5 - Medium
- October 17, 2023
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
Memory Corruption
SonicOS main.cgi Stack-Based Buffer Overflow via Post-Auth Assertion Failure
CVE-2023-39278
6.5 - Medium
- October 17, 2023
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
Memory Corruption
SonicWall SonicOS buffer overflow in getBookmarkList.json
CVE-2023-39276
6.5 - Medium
- October 17, 2023
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
Memory Corruption
SonicOS sonicwall.exp/Prefs.exp PostAuth Stack Overflow (CVE202341711)
CVE-2023-41711
6.5 - Medium
- October 17, 2023
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
Memory Corruption
SonicOS SSL VPN Buffer Overflow CVE-2023-41712
CVE-2023-41712
6.5 - Medium
- October 17, 2023
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
Memory Corruption
SonicOS Hard-coded Password in dynHandleBuyToolbar Demo
CVE-2023-41713
7.5 - High
- October 17, 2023
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
Use of Hard-coded Credentials
SonicOS SSLVPN Tunnel PostAuth Privilege Escalation
CVE-2023-41715
8.8 - High
- October 17, 2023
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
Improper Privilege Management
SonicOS SSLVPN Improper MFA Restriction Allows Authenticated Attack
CVE-2023-1101
8.8 - High
- March 02, 2023
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.
Improper Restriction of Excessive Authentication Attempts
Stack Buffer Overflow in SonicOS Firewall Remote DoS
CVE-2023-0656
7.5 - High
- March 02, 2023
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
Memory Corruption
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header
CVE-2021-20048
- January 10, 2022
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
Stack Overflow
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header
CVE-2021-20046
- January 10, 2022
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.
Stack Overflow
A Host Header Redirection vulnerability in SonicOS potentially
CVE-2021-20031
- October 12, 2021
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
Open Redirect
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this
CVE-2021-20019
- June 23, 2021
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
Information Disclosure
A buffer overflow vulnerability in SonicOS
CVE-2021-20027
- June 14, 2021
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
Classic Buffer Overflow
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client
CVE-2021-3449
5.9 - Medium
- March 25, 2021
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
NULL Pointer Dereference
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain
CVE-2021-3450
7.4 - High
- March 25, 2021
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
Improper Certificate Validation
SonicOS SSLVPN login page
CVE-2020-5143
5.3 - Medium
- October 12, 2020
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Side Channel Attack
A vulnerability in SonicOS
CVE-2020-5133
7.5 - High
- October 12, 2020
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
Classic Buffer Overflow
A buffer overflow vulnerability in SonicOS
CVE-2020-5135
9.8 - Critical
- October 12, 2020
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
Classic Buffer Overflow
A buffer overflow vulnerability in SonicOS
CVE-2020-5136
6.5 - Medium
- October 12, 2020
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
Classic Buffer Overflow
A buffer overflow vulnerability in SonicOS
CVE-2020-5137
7.5 - High
- October 12, 2020
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
Classic Buffer Overflow
A Heap Overflow vulnerability in the SonicOS
CVE-2020-5138
7.5 - High
- October 12, 2020
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Memory Corruption
A vulnerability in SonicOS SSLVPN service
CVE-2020-5139
7.5 - High
- October 12, 2020
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Release of Invalid Pointer or Reference
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request
CVE-2020-5140
7.5 - High
- October 12, 2020
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Out-of-bounds Read
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service
CVE-2020-5141
6.5 - Medium
- October 12, 2020
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Improper Restriction of Excessive Authentication Attempts
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface
CVE-2020-5142
6.1 - Medium
- October 12, 2020
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SonicWall Sonicos or by SonicWall? Click the Watch button to subscribe.