Sonicwall Sonicosv vulnerabilities

CVE-2022-22274 [CRITICAL] CWE-121 CVE-2022-22274: A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthen A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.

CVE-2021-20019 [HIGH] CWE-200 CVE-2021-20019: A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.

CVE-2020-5135 [CRITICAL] CWE-120 CVE-2020-5135: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5140 [HIGH] CWE-125 CVE-2020-5140: A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version Soni

CVE-2020-5139 [HIGH] CWE-763 CVE-2020-5139: A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial o A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVE-2020-5133 [HIGH] CWE-120 CVE-2020-5133: A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due t A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5138 [HIGH] CWE-122 CVE-2020-5138: A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denia A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVE-2020-5137 [HIGH] CWE-120 CVE-2020-5137: A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5134 [MEDIUM] CWE-125 CVE-2020-5134: A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file refer A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5141 [MEDIUM] CWE-799 CVE-2020-5141: A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ti A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVE-2020-5136 [MEDIUM] CWE-120 CVE-2020-5136: A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Servi A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

CVE-2020-5143 [MEDIUM] CWE-203 CVE-2020-5143: SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management ad SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

CVE-2020-5142 [MEDIUM] CWE-79 CVE-2020-5142: A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remo A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v

CVE-2019-7479 [HIGH] CWE-285 CVE-2019-7479: A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configurat A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected SonicOS Gen 5 version 5.9.1.12-4o and earlier, Gen 6 version 6.2.7.4-32n, 6.5.1.4-4n, 6.5.2.3-4n, 6.5.3.3-3n, 6.2.7.10-3n, 6.4.1.0-3n, 6.5.3.3-3n, 6.5.1.9-4n and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (A

CVE-2019-7475 [CRITICAL] CWE-284 CVE-2019-7475: A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configu A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8

CVE-2019-7477 [HIGH] CWE-327 CVE-2019-7477: A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain se A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow remote attackers to obtain sensitive plaintext data when CBC cipher suites are enabled. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWA

CVE-2019-7474 [MEDIUM] CWE-248 CVE-2019-7474: A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOS

CVE-2018-9867 [MEDIUM] CWE-285 CVE-2018-9867: In SonicWall SonicOS, administrators without full permissions can download imported certificates. Oc In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8,