CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29014
https://notcve.org/view.php?id=CVE-2024-29014
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. Una vulnerabilidad en el cliente SonicWall SMA100 NetExtender Windows (32 y 64 bits) 10.2.339 y versiones anteriores permite a un atacante ejecutar código arbitrario al procesar una actualización del cliente EPC. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29011 – SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29011
Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. El uso de una contraseña codificada en el endpoint de GMS ECM genera una vulnerabilidad de omisión de autenticación. Este problema afecta a GMS: 9.3.4 y versiones anteriores. This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ECMClientAuthenticator class. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-259: Use of Hard-coded Password •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29010 – SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29010
The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions. El documento XML procesado en el endpoint URL de GMS ECM es vulnerable a la inyección de entidad externa XML (XXE), lo que podría resultar en la divulgación de información confidencial. Este problema afecta a GMS: 9.3.4 y versiones anteriores. This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ECMPolicyRequest class. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22398
https://notcve.org/view.php?id=CVE-2024-22398
An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system. Una vulnerabilidad de limitación inadecuada de un nombre de ruta a un directorio restringido (Path Traversal) en SonicWall Email Security Appliance podría permitir que un atacante remoto con privilegios administrativos lleve a cabo un ataque directory traversal y elimine archivos arbitrarios del sistema de archivos del dispositivo. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2024-22394
https://notcve.org/view.php?id=CVE-2024-22394
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. Se ha identificado una vulnerabilidad de autenticación incorrecta en la función SSL-VPN de SonicWall SonicOS, que en condiciones específicas podría permitir que un atacante remoto omita la autenticación. Este problema afecta únicamente a la versión de firmware SonicOS 7.1.1-7040. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003 • CWE-287: Improper Authentication •