CVSS: 10.0EPSS: 92%CPEs: 1EXPL: 1CVE-2024-53704 – SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2024-53704
09 Jan 2025 — An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Base64-encoded session cookies. The issue results from an incorrect implementation of an authentication algorithm. An attacker can leverage this vulnerabilit... • https://github.com/istagmbh/CVE-2024-53704 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53705 – SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2024-53705
09 Jan 2025 — A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of SonicWALL NSv. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SSH Manageme... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53706 – SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-53706
09 Jan 2025 — A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL NSv. An attacker must first obtain the ability to execute low-privileged code on the target system or send a TCP packet to a local service in order to exploit this vulnerability. The specific flaw exists within the setSs... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40762 – SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-40762
09 Jan 2025 — Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The specific flaw exists within the generation of cookies. The issue results from the use of a cryptographically ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53703
https://notcve.org/view.php?id=CVE-2024-53703
05 Dec 2024 — A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53702
https://notcve.org/view.php?id=CVE-2024-53702
05 Dec 2024 — Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45319
https://notcve.org/view.php?id=CVE-2024-45319
05 Dec 2024 — A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication. A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45318
https://notcve.org/view.php?id=CVE-2024-45318
05 Dec 2024 — A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40763
https://notcve.org/view.php?id=CVE-2024-40763
05 Dec 2024 — Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45317
https://notcve.org/view.php?id=CVE-2024-45317
11 Oct 2024 — A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0017 • CWE-918: Server-Side Request Forgery (SSRF) •