CVSS: 7.5EPSS: 14%CPEs: 59EXPL: 3CVE-2022-47522
https://notcve.org/view.php?id=CVE-2022-47522
15 Apr 2023 — The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a clien... • https://github.com/toffeenutt/CVE-2022-47522-exploit • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 43%CPEs: 34EXPL: 1CVE-2023-0656
https://notcve.org/view.php?id=CVE-2023-0656
02 Mar 2023 — A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. • https://github.com/BishopFox/CVE-2022-22274_CVE-2023-0656 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 71EXPL: 0CVE-2023-1101
https://notcve.org/view.php?id=CVE-2023-1101
02 Mar 2023 — SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.5EPSS: 0%CPEs: 98EXPL: 0CVE-2022-22278
https://notcve.org/view.php?id=CVE-2022-22278
27 Apr 2022 — A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack Una vulnerabilidad en SonicOS CFS (servicio de filtrado de contenidos) devuelve un gran mensaje de respuesta HTTP 403 prohibido a la dirección de origen cuando usuarios intentan acceder a un recurso prohibido, lo que permite a un atacante causar un ataque de Denega... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 129EXPL: 0CVE-2022-22277
https://notcve.org/view.php?id=CVE-2022-22277
27 Apr 2022 — A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext. Una vulnerabilidad en el servicio SNMP de SonicOS resultando en una exposición de información confidencial del punto de acceso inalámbrico en texto sin cifrar • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 98EXPL: 0CVE-2022-22276
https://notcve.org/view.php?id=CVE-2022-22276
27 Apr 2022 — A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. Una vulnerabilidad en el servicio SNMP de SonicOS resultando en una exposición de información confidencial a un usuario no autorizado • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2022-22275
https://notcve.org/view.php?id=CVE-2022-22275
27 Apr 2022 — Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable. Una Restricción Inapropiada del Canal de Comunicación TCP en el tráfico de entrada HTTP/S de la WAN a la DMZ omitiendo la política de seguridad hasta el apretón de manos TCP, resultando potencialmente en un ataque de Denegación de Servicio (DoS) si el host de destino es vulnerable • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 47%CPEs: 34EXPL: 3CVE-2022-22274
https://notcve.org/view.php?id=CVE-2022-22274
25 Mar 2022 — A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. Una vulnerabilidad de desbordamiento de búfer en la región Stack de la memoria en SonicOS por medio de una petición HTTP permite a un atacante remoto no autenticado causar una denegación de servicio (DoS) o potencialmente resultando en una ejecución de código en el firewall • https://github.com/4lucardSec/Sonic_CVE-2022-22274_poc • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 129EXPL: 0CVE-2021-20048
https://notcve.org/view.php?id=CVE-2021-20048
07 Jan 2022 — A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. Un desbordamiento del búfer en la región Stack de la memoria en el encabezado de respuesta HTTP SessionID de SonicOS permite a un atacante remoto autenticado causar una Denegación de Servicio (DoS) y potencialmente resultar en ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0028 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 129EXPL: 0CVE-2021-20046
https://notcve.org/view.php?id=CVE-2021-20046
07 Jan 2022 — A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions. Un desbordamiento del búfer en la región Stack de la memoria en el encabezado de respuesta HTTP Content-Length de SonicOS permite a un atacante remoto autenticado causar una Denegación de Servicio (DoS) y potencialmente re... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0027 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •