Sonicwall Sonicos vulnerabilities

CVE-2026-3439 [MEDIUM] CWE-121 CVE-2026-3439: A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allo A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.

CVE-2026-0401 [MEDIUM] CWE-476 CVE-2026-0401: A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

CVE-2026-0402 [MEDIUM] CWE-125 CVE-2026-0402: A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

CVE-2026-0400 [MEDIUM] CWE-134 CVE-2026-0400: A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a fir A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

CVE-2026-0399 [MEDIUM] CWE-121 CVE-2026-0399: Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management i Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.

CVE-2025-40601 [HIGH] CWE-121 CVE-2025-40601: A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenti A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

CVE-2025-40600 [CRITICAL] CWE-134 CVE-2025-40600: Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a r Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

CVE-2025-32818 [HIGH] CWE-476 CVE-2025-32818: A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a rem A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition.

CVE-2024-12802 [CRITICAL] CWE-305 CVE-2024-12802: SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiti

CVE-2024-40765 [CRITICAL] CWE-190 CVE-2024-40765: An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.

CVE-2024-40762 [CRITICAL] CWE-338 CVE-2024-40762: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentica Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

CVE-2024-53704 [CRITICAL] CWE-287 CVE-2024-53704: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote atta An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

CVE-2024-12803 [HIGH] CWE-121 CVE-2024-12803: A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remot A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

CVE-2024-12805 [HIGH] CWE-134 CVE-2024-12805: A post-authentication format string vulnerability in SonicOS management allows a remote attacker to A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.

CVE-2024-53706 [HIGH] CWE-269 CVE-2024-53706: A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-priv A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.

CVE-2024-53705 [HIGH] CWE-918 CVE-2024-53705: A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

CVE-2024-12806 [MEDIUM] CWE-37 CVE-2024-12806: A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote at A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

CVE-2024-40766 [CRITICAL] CWE-284 CVE-2024-40766: An improper access control vulnerability has been identified in the SonicWall SonicOS management acc An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions

CVE-2024-40764 [HIGH] CWE-122 CVE-2024-40764: Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote a Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

CVE-2024-29012 [HIGH] CWE-121 CVE-2024-29012: Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.