Sonicwall Sonicos vulnerabilities

CVE-2021-20048 [HIGH] CWE-121 CVE-2021-20048: A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenti A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

CVE-2021-20046 [HIGH] CWE-121 CVE-2021-20046: A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote aut A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

CVE-2021-20031 [MEDIUM] CWE-601 CVE-2021-20031: A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.

CVE-2021-20019 [HIGH] CWE-200 CVE-2021-20019: A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.

CVE-2021-20027 [HIGH] CWE-120 CVE-2021-20027: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (Do A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.

CVE-2021-3450 [HIGH] CWE-295 CVE-2021-3450: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation

CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr

CVE-2020-5135 [CRITICAL] CWE-120 CVE-2020-5135: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5140 [HIGH] CWE-125 CVE-2020-5140: A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version Soni

CVE-2020-5133 [HIGH] CWE-120 CVE-2020-5133: A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due t A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5139 [HIGH] CWE-763 CVE-2020-5139: A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial o A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVE-2020-5138 [HIGH] CWE-122 CVE-2020-5138: A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denia A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVE-2020-5137 [HIGH] CWE-120 CVE-2020-5137: A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5141 [MEDIUM] CWE-799 CVE-2020-5141: A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ti A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVE-2020-5134 [MEDIUM] CWE-125 CVE-2020-5134: A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file refer A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5136 [MEDIUM] CWE-120 CVE-2020-5136: A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Servi A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5142 [MEDIUM] CWE-79 CVE-2020-5142: A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remo A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v

CVE-2020-5143 [MEDIUM] CWE-203 CVE-2020-5143: SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management ad SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVE-2020-5132 [MEDIUM] CWE-200 CVE-2020-5132: SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of

CVE-2020-5130 [MEDIUM] CWE-20 CVE-2020-5130: SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier.