cvebase

Sonicwall Sma100 Firmware vulnerabilities

5 known vulnerabilities affecting sonicwall/sma100_firmware.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2021-3450 | P3 | HIGH | CVSS 7.4 | fixed in 10.2.1.0-17sv | 2021-03-25
CWE-295: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation
Source: nvd

CVE-2021-20017 | P3 | HIGH | CVSS 8.8 | ≤ 10.2.0.5 | 2021-03-13
CWE-78: A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
Source: nvd

CVE-2021-3449 | P3 | MEDIUM | CVSS 5.9 | ≥ 10.2.0.0, < 10.2.1.0-17sv | 2021-03-25
CWE-476: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
Source: nvd

CVE-2020-5132 | P4 | MEDIUM | CVSS 5.3 | v10.2.0.2-20sv, v12.4.0-2223 | 2020-09-30
CWE-200: SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of
Source: nvd

CVE-2021-20018 | P4 | MEDIUM | CVSS 4.9 | ≤ 10.2.0.5 | 2021-03-13
CWE-200: A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
Source: nvd