Refine your search
19 vulnerabilities found for SonicOS by Sonicwall
CERTFR-2025-ALE-011
Vulnerability from certfr_alerte
[Mise à jour du 7 août 2025]
Le 6 août 2025, SonicWall a remplacé une partie de son communiqué initial pour indiquer que les incidents de sécurité évoqués étaient vraisemblablement corrélés à la vulnérabilité CVE-2024-40766. Celle-ci a fait l'objet d'un bulletin de sécurité, SNWLID-2024-0015 (cf. section Documentation), publié le 8 août 2024.
Selon l'éditeur, nombre de ces incidents de sécurité sont liés à une migration de la génération 6 à 7, mais au cours de laquelle les mots de passe n'ont pas été modifiés, à l'encontre des préconisations de l'avis SNWLID-2024-0015.
[Publication Initiale]
Le 4 août 2025, SonicWall a publié un communiqué (cf. section Documentation) concernant des incidents de sécurité constatés sur les pare-feux de génération 7 lorsque le VPN SSL est activé.
L'éditeur déclare ne pas savoir si ces incidents sont liés à une vulnérabilité déjà connue ou s'il s'agit d'une nouvelle vulnérabilité.
Plusieurs entreprises de sécurité, citées par l'éditeur, ont publié des billets de blogue, dont certains sont disponibles en source ouverte.
Ceux-ci proposent des indicateurs de compromission qui n'ont pas été qualifiés par le CERT-FR.
Contournement provisoire
Dans l'attente de plus de renseignements, voire d'un éventuel correctif, l'éditeur conseille de désactiver le VPN SSL.
Si cela n'est pas possible, celui-ci recommande a minima de : * limiter l'accès à des adresses IP de confiance ; * activer les services de sécurité proposés ; * activer l'authentification à multiples facteurs ; * supprimer les comptes inactifs ; * mettre à jour les mots de passe en accord avec les bonnes pratiques (cf. section Documentation).
Solution
[Mise à jour du 7 août 2025]
L'éditeur recommande d'installer la version 7.3.0 de SonicOS, qui contient des mesures de protection contre des attaques par force brute. De plus, SonicWall conseille de modifier tous les mots de passe des utilisateurs, en complément des mesures déjà préconisées (cf. Contournement provisoire).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Pare-feux SonicWall de g\u00e9n\u00e9ration 7 avec le VPN SSL activ\u00e9",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2025-08-18",
"content": "## Contournement provisoire\n\nDans l\u0027attente de plus de renseignements, voire d\u0027un \u00e9ventuel correctif, l\u0027\u00e9diteur conseille de d\u00e9sactiver le VPN SSL.\n\nSi cela n\u0027est pas possible, celui-ci recommande a minima de :\n* limiter l\u0027acc\u00e8s \u00e0 des adresses IP de confiance ;\n* activer les services de s\u00e9curit\u00e9 propos\u00e9s ;\n* activer l\u0027authentification \u00e0 multiples facteurs ; \n* supprimer les comptes inactifs ;\n* mettre \u00e0 jour les mots de passe en accord avec les bonnes pratiques (cf. section Documentation).\n\n## Solution\n\n\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 7 ao\u00fbt 2025]\u003c/span\u003e\n\nL\u0027\u00e9diteur recommande d\u0027installer la version 7.3.0 de SonicOS, qui contient des mesures de protection contre des attaques par force brute. De plus, SonicWall conseille de modifier tous les mots de passe des utilisateurs, en compl\u00e9ment des mesures d\u00e9j\u00e0 pr\u00e9conis\u00e9es (cf. Contournement provisoire).\n",
"cves": [],
"initial_release_date": "2025-08-05T00:00:00",
"last_revision_date": "2025-08-18T00:00:00",
"links": [
{
"title": "Alerte CERT-FR CERTFR-2024-ALE-011 du 10 septembre 2024",
"url": "https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-011/"
},
{
"title": "Recommandations relatives \u00e0 l\u0027authentification multifacteur et aux mots de passe",
"url": "https://cyber.gouv.fr/publications/recommandations-relatives-lauthentification-multifacteur-et-aux-mots-de-passe"
},
{
"title": "CERTFR-2025-RFX-002 : Compromission d\u0027un \u00e9quipement de bordure r\u00e9seau - Endiguement",
"url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2025-RFX-002/"
},
{
"title": "CERTFR-2025-RFX-001 : Compromission d\u0027un \u00e9quipement de bordure r\u00e9seau - Qualification",
"url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2025-RFX-001/"
}
],
"reference": "CERTFR-2025-ALE-011",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-05T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour avec les nouveaux \u00e9l\u00e9ments de l\u0027\u00e9diteur.",
"revision_date": "2025-08-07T00:00:00.000000"
},
{
"description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2025-08-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 7 ao\u00fbt 2025]\u003c/span\u003e\n\nLe 6 ao\u00fbt 2025, SonicWall a remplac\u00e9 une partie de son communiqu\u00e9 initial pour indiquer que les incidents de s\u00e9curit\u00e9 \u00e9voqu\u00e9s \u00e9taient vraisemblablement corr\u00e9l\u00e9s \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2024-40766. Celle-ci a fait l\u0027objet d\u0027un bulletin de s\u00e9curit\u00e9, SNWLID-2024-0015 (cf. section Documentation), publi\u00e9 le 8 ao\u00fbt 2024. \n\nSelon l\u0027\u00e9diteur, nombre de ces incidents de s\u00e9curit\u00e9 sont li\u00e9s \u00e0 une migration de la g\u00e9n\u00e9ration 6 \u00e0 7, mais au cours de laquelle les mots de passe n\u0027ont pas \u00e9t\u00e9 modifi\u00e9s, \u00e0 l\u0027encontre des pr\u00e9conisations de l\u0027avis SNWLID-2024-0015. \n\n**[Publication Initiale]**\n\nLe 4 ao\u00fbt 2025, SonicWall a publi\u00e9 un communiqu\u00e9 (cf. section Documentation) concernant des incidents de s\u00e9curit\u00e9 constat\u00e9s sur les pare-feux de g\u00e9n\u00e9ration 7 lorsque le VPN SSL est activ\u00e9.\n\nL\u0027\u00e9diteur d\u00e9clare ne pas savoir si ces incidents sont li\u00e9s \u00e0 une vuln\u00e9rabilit\u00e9 d\u00e9j\u00e0 connue ou s\u0027il s\u0027agit d\u0027une nouvelle vuln\u00e9rabilit\u00e9.\n\nPlusieurs entreprises de s\u00e9curit\u00e9, cit\u00e9es par l\u0027\u00e9diteur, ont publi\u00e9 des billets de blogue, dont certains sont disponibles en source ouverte.\u003cbr /\u003e\nCeux-ci proposent des indicateurs de compromission qui n\u0027ont pas \u00e9t\u00e9 qualifi\u00e9s par le CERT-FR.",
"title": "Incidents de s\u00e9curit\u00e9 dans les pare-feux SonicWall",
"vendor_advisories": [
{
"published_at": "2024-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
},
{
"published_at": "2025-08-04",
"title": "Communiqu\u00e9 SonicWall",
"url": "https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430"
}
]
}
CERTFR-2024-ALE-011
Vulnerability from certfr_alerte
Le 22 août 2024, Sonicwall a publié un correctif concernant la vulnérabilité critique CVE-2024-40766 affectant les pare-feux Sonicwall génération 5, 6 et 7.
Cette vulnérabilité, de type contrôle d'accès défaillant, permet à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Le 6 septembre 2024, l'éditeur complète son avis en précisant que la fonctionnalité SSLVPN est également affectée. De plus, Sonicwall indique que la vulnérabilité CVE-2024-40766 est potentiellement activement exploitée dans le cadre d'attaques ciblées.
Le CERT-FR recommande fortement de suivre les préconisations de l'éditeur :
- mettre à jour les mots de passe des utilisateurs de SSLVPN qui ont des comptes gérés localement pour renforcer la sécurité et empêcher les accès non autorisés ;
- activer l'authentification à plusieurs facteurs des utilisateurs de SSLVPN.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Sonicwall | SonicOS | Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions antérieures ou égales à 7.0.1-5035 | ||
| Sonicwall | SonicOS | SOHO (Gen 5) versions antérieures à 5.9.2.14-13o | ||
| Sonicwall | SonicOS | Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions antérieures à 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions antérieures à 6.5.4.15.116n pour les autres références |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Gen7 Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 versions ant\u00e9rieures ou \u00e9gales \u00e0 7.0.1-5035",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SOHO (Gen 5) versions ant\u00e9rieures \u00e0 5.9.2.14-13o",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen6 Firewalls - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650,NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions ant\u00e9rieures \u00e0 6.5.2.8-2n pour SM9800, NSsp 12400, NSsp 12800 et versions ant\u00e9rieures \u00e0 6.5.4.15.116n pour les autres r\u00e9f\u00e9rences",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2024-11-21",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-40766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40766"
}
],
"initial_release_date": "2024-09-10T00:00:00",
"last_revision_date": "2024-11-21T00:00:00",
"links": [
{
"title": "Configuration du syst\u00e8me SonicWall SonicOS 6.5",
"url": "https://www.sonicwall.com/techdocs/pdf/sonicos-6-5-system-setup.pdf"
},
{
"title": "Comment configurer l\u0027authentification \u00e0 plusieurs facteurs pour SSLVPN avec TOTP",
"url": "https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-2fa-for-ssl-vpn-with-totp/190829123329169"
},
{
"title": "Guide d\u0027administration SonicOS 5.9",
"url": "https://www.sonicwall.com/techdocs/pdf/sonicos-5-9-admin-guide.pdf"
}
],
"reference": "CERTFR-2024-ALE-011",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-10T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2024-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Le 22 ao\u00fbt 2024, Sonicwall a publi\u00e9 un correctif concernant la vuln\u00e9rabilit\u00e9 critique CVE-2024-40766 affectant les pare-feux Sonicwall g\u00e9n\u00e9ration 5, 6 et 7.\nCette vuln\u00e9rabilit\u00e9, de type contr\u00f4le d\u0027acc\u00e8s d\u00e9faillant, permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\u003cbr/\u003e\nLe 6 septembre 2024, l\u0027\u00e9diteur compl\u00e8te son avis en pr\u00e9cisant que la fonctionnalit\u00e9 SSLVPN est \u00e9galement affect\u00e9e. De plus, Sonicwall indique que la vuln\u00e9rabilit\u00e9 CVE-2024-40766 est potentiellement activement exploit\u00e9e dans le cadre d\u0027attaques cibl\u00e9es.\u003cbr/\u003e\n\nLe CERT-FR recommande fortement de suivre les pr\u00e9conisations de l\u0027\u00e9diteur :\n\n* mettre \u00e0 jour les mots de passe des utilisateurs de SSLVPN qui ont des comptes g\u00e9r\u00e9s localement pour renforcer la s\u00e9curit\u00e9 et emp\u00eacher les acc\u00e8s non autoris\u00e9s ;\n* activer l\u0027authentification \u00e0 plusieurs facteurs des utilisateurs de SSLVPN.",
"title": "Vuln\u00e9rabilit\u00e9 dans SonicWall",
"vendor_advisories": [
{
"published_at": "2024-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0015",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
},
{
"published_at": "2024-08-23",
"title": "Avis de s\u00e9curit\u00e9 CERT-FR CERTFR-2024-AVI-0712",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0712/"
}
]
}
CERTFR-2025-AVI-0345
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Sonicwall SonicOS. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SonicOS versions 8.x ant\u00e9rieures \u00e0 8.0.1-8017",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions 7.1.x ant\u00e9rieures \u00e0 7.2.0-7015",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-04-24T00:00:00",
"last_revision_date": "2025-04-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0345",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Sonicwall SonicOS. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Sonicwall SonicOS",
"vendor_advisories": [
{
"published_at": "2025-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2025-0009",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009"
}
]
}
CERTFR-2025-AVI-0013
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SonicWall. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Sonicwall | SonicOS | Pare-feux Gen7 TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 versions 7.1.x antérieures à 7.1.3-7015 | ||
| Sonicwall | SonicOS | Pare-feux Gen7 TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 versions antérieures à 7.0.1-5165 | ||
| Sonicwall | SonicOS | Gen7 NSv - NSv 270, NSv 470, NSv 870 versions antérieures à 7.0.1-5165 | ||
| Sonicwall | SonicOS | Gen7 NSv - NSv 270, NSv 470, NSv 870 versions 7.1.x antérieures à 7.1.3-7015 | ||
| Sonicwall | SonicOS | Pare-feux Gen6 - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions antérieures à 6.5.5.1-6n | ||
| Sonicwall | SonicOS | Gen6 NSv - NSv10, NSv25, NSv50, NSv100, NSv200, NSv300, NSv400, NSv800, NSv1600 versions antérieures à 6.5.4.4-44v-21-2472 et 6.5.4.v-21s-RC2457 | ||
| Sonicwall | SonicOS | TZ80 versions antérieures à 8.0.0-8037 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Pare-feux Gen7 TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 versions 7.1.x ant\u00e9rieures \u00e0 7.1.3-7015",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Pare-feux Gen7 TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 versions ant\u00e9rieures \u00e0 7.0.1-5165",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 NSv - NSv 270, NSv 470, NSv 870 versions ant\u00e9rieures \u00e0 7.0.1-5165",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 NSv - NSv 270, NSv 470, NSv 870 versions 7.1.x ant\u00e9rieures \u00e0 7.1.3-7015",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Pare-feux Gen6 - SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W versions ant\u00e9rieures \u00e0 6.5.5.1-6n",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen6 NSv - NSv10, NSv25, NSv50, NSv100, NSv200, NSv300, NSv400, NSv800, NSv1600 versions ant\u00e9rieures \u00e0 6.5.4.4-44v-21-2472 et 6.5.4.v-21s-RC2457",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "TZ80 versions ant\u00e9rieures \u00e0 8.0.0-8037",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-40762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40762"
},
{
"name": "CVE-2024-12806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12806"
},
{
"name": "CVE-2024-12805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12805"
},
{
"name": "CVE-2024-12803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12803"
},
{
"name": "CVE-2024-53704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53704"
},
{
"name": "CVE-2024-53705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53705"
},
{
"name": "CVE-2024-12802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12802"
},
{
"name": "CVE-2024-53706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53706"
},
{
"name": "CVE-2024-40765",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40765"
}
],
"initial_release_date": "2025-01-08T00:00:00",
"last_revision_date": "2025-01-08T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0013",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SonicWall. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SonicWall",
"vendor_advisories": [
{
"published_at": "2025-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2025-0003",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
},
{
"published_at": "2025-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2025-0001",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001"
},
{
"published_at": "2025-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2025-0004",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0004"
},
{
"published_at": "2025-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0013",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013"
}
]
}
CERTFR-2024-AVI-0605
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Sonicwall. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Sonicwall | SonicOS | SonicOS IPSec VPN Gen7 (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870) versions 7.0.x antérieures à 7.0.1-5161 | ||
| Sonicwall | SonicOS | SonicOS IPSec VPN Gen7 (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870) versions 7.1.1-x antérieures à 7.1.1-7058 | ||
| Sonicwall | SonicOS | SonicOS IPSec VPN Gen7 (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870) versions 7.1.2-x antérieures à 7.1.2-7019 | ||
| Sonicwall | SonicOS | SonicOS IPSec VPN Gen6 NSv (NSv10, NSv25, NSv50, NSv100, NSv200, NSv300, NSv400, NSv800, NSv1600) versions antérieures à 6.5.4.v-21s-RC2457 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SonicOS IPSec VPN Gen7 (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1-5161",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS IPSec VPN Gen7 (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870) versions 7.1.1-x ant\u00e9rieures \u00e0 7.1.1-7058",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS IPSec VPN Gen7 (TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870) versions 7.1.2-x ant\u00e9rieures \u00e0 7.1.2-7019",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS IPSec VPN Gen6 NSv (NSv10, NSv25, NSv50, NSv100, NSv200, NSv300, NSv400, NSv800, NSv1600) versions ant\u00e9rieures \u00e0 6.5.4.v-21s-RC2457",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-40764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40764"
}
],
"initial_release_date": "2024-07-18T00:00:00",
"last_revision_date": "2024-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0605",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Sonicwall. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Sonicwall",
"vendor_advisories": [
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0012",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012"
}
]
}
CERTFR-2024-AVI-0509
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Sonicwall. Elles permettent à un attaquant de provoquer un déni de service à distance
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SonicOS versions ant\u00e9rieures \u00e0 7.1.1-7058",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-29013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29013"
},
{
"name": "CVE-2024-29012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29012"
}
],
"initial_release_date": "2024-06-20T00:00:00",
"last_revision_date": "2024-06-20T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0509",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Sonicwall. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SonicWall SonicOS",
"vendor_advisories": [
{
"published_at": "2024-06-20",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0009",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0009"
},
{
"published_at": "2024-06-20",
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0008",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0008"
}
]
}
CERTFR-2024-AVI-0217
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans SonicWall. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Sonicwall | N/A | Gen6 SonicOSv - NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur VMWare versions antérieures à 6.5.4.v_21s_RC2395 | ||
| Sonicwall | SonicOS | SonicOS versions 7.0.1-x antérieures à 7.0.1-5151 | ||
| Sonicwall | N/A | NSv (200, 400, 800, 1600) sur AWS NSv, AWS-PAYG et Azure versions antérieures à 6.5.4.v_21s_RC2395 | ||
| Sonicwall | N/A | Gen7 - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 NSv 270, NSv 470 et NSv 870 versions 7.1.x antérieures 7.1.1-7051 | ||
| Sonicwall | SonicOS | SonicOS versions 7.1.1-x antérieures à 7.1.1-7051 | ||
| Sonicwall | N/A | Gen6 Firewalls -SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350 et TZ 350W versions antérieures à 6.5.4.14-107n | ||
| Sonicwall | N/A | Gen7 - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 NSv 270, NSv 470 et NSv 870 versions 7.0.x antérieures 7.0.1-5151 | ||
| Sonicwall | N/A | Email Security Appliance versions antérieures à 10.0.28.7941 | ||
| Sonicwall | N/A | NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur Hyper-V et KVM versions antérieures à 6.5.4.v_21s_RC2395 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Gen6 SonicOSv - NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur VMWare versions ant\u00e9rieures \u00e0 6.5.4.v_21s_RC2395",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions 7.0.1-x ant\u00e9rieures \u00e0 7.0.1-5151",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "NSv (200, 400, 800, 1600) sur AWS NSv, AWS-PAYG et Azure versions ant\u00e9rieures \u00e0 6.5.4.v_21s_RC2395",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 NSv 270, NSv 470 et NSv 870 versions 7.1.x ant\u00e9rieures 7.1.1-7051",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions 7.1.1-x ant\u00e9rieures \u00e0 7.1.1-7051",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen6 Firewalls -SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350 et TZ 350W versions ant\u00e9rieures \u00e0 6.5.4.14-107n",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 - TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700 NSv 270, NSv 470 et NSv 870 versions 7.0.x ant\u00e9rieures 7.0.1-5151",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Email Security Appliance versions ant\u00e9rieures \u00e0 10.0.28.7941",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur Hyper-V et KVM versions ant\u00e9rieures \u00e0 6.5.4.v_21s_RC2395",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22398"
},
{
"name": "CVE-2024-22397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22397"
},
{
"name": "CVE-2024-22396",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22396"
}
],
"initial_release_date": "2024-03-14T00:00:00",
"last_revision_date": "2024-03-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0217",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SonicWall. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SonicWall",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0005 du 13 mars 2024",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0006 du 13 mars 2024",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0004 du 13 mars 2024",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0004"
}
]
}
CERTFR-2024-AVI-0105
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans SonicWall SonicOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SonicOS versions ant\u00e9rieures \u00e0 7.1.1-7047",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22394",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22394"
}
],
"initial_release_date": "2024-02-08T00:00:00",
"last_revision_date": "2024-02-08T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0105",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SonicWall SonicOS. Elle permet \u00e0\nun attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans SonicWall SonicOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2024-0003 du 8 f\u00e9vrier 2024",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003"
}
]
}
CERTFR-2023-AVI-0852
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans SonicWall SonicOS. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Sonicwall | SonicOS | NSv (200, 400, 800, 1600) sur Azure versions antérieures à 6.5.4.4-44v-21-2340 | ||
| Sonicwall | SonicOS | NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur Hyper-V versions antérieures à 6.5.4.4-44v-21-2340 | ||
| Sonicwall | SonicOS | Gen7 NSSP15700 versions antérieures à 7.0.1-5145 (R5175) | ||
| Sonicwall | SonicOS | NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur KVM versions antérieures à 6.5.4.4-44v-21-2340 | ||
| Sonicwall | SonicOS | Gen6 Firewalls SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350 et TZ 350W versions antérieures à 6.5.4.13-105n | ||
| Sonicwall | SonicOS | Gen7 NSv (KVM) versions antérieures à 7.0.1-5145 (R5175) | ||
| Sonicwall | SonicOS | Gen7 NSA4700, NSA5700, NSA6700, NSSP10700, NSSP11700 et NSSP13700 versions antérieures à 7.0.1-5145 (R5175) | ||
| Sonicwall | SonicOS | Gen7 NSv (VMWARE, AWS, AWS-PAYG, AZURE, HYPER-V) versions antérieures à 7.0.1-5145 (R5175) | ||
| Sonicwall | SonicOS | Gen7 TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSA2700 et NSA3700 versions antérieures à 7.0.1-5145 (R5175) | ||
| Sonicwall | SonicOS | Gen6 SonicOSv - NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur VMWare versions antérieures à 6.5.4.4-44v-21-2340 | ||
| Sonicwall | SonicOS | NSv (200, 400, 800, 1600) sur AWS NSv (200, 400, 800, 1600) sur AWS-PAYG versions antérieures à 6.5.4.4-44v-21-2340 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NSv (200, 400, 800, 1600) sur Azure versions ant\u00e9rieures \u00e0 6.5.4.4-44v-21-2340",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur Hyper-V versions ant\u00e9rieures \u00e0 6.5.4.4-44v-21-2340",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 NSSP15700 versions ant\u00e9rieures \u00e0 7.0.1-5145 (R5175)",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur KVM versions ant\u00e9rieures \u00e0 6.5.4.4-44v-21-2340",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen6 Firewalls SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350 et TZ 350W versions ant\u00e9rieures \u00e0 6.5.4.13-105n",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 NSv (KVM) versions ant\u00e9rieures \u00e0 7.0.1-5145 (R5175)",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 NSA4700, NSA5700, NSA6700, NSSP10700, NSSP11700 et NSSP13700 versions ant\u00e9rieures \u00e0 7.0.1-5145 (R5175)",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 NSv (VMWARE, AWS, AWS-PAYG, AZURE, HYPER-V) versions ant\u00e9rieures \u00e0 7.0.1-5145 (R5175)",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen7 TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSA2700 et NSA3700 versions ant\u00e9rieures \u00e0 7.0.1-5145 (R5175)",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen6 SonicOSv - NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) sur VMWare versions ant\u00e9rieures \u00e0 6.5.4.4-44v-21-2340",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "NSv (200, 400, 800, 1600) sur AWS NSv (200, 400, 800, 1600) sur AWS-PAYG versions ant\u00e9rieures \u00e0 6.5.4.4-44v-21-2340",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-41713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41713"
},
{
"name": "CVE-2023-41711",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41711"
},
{
"name": "CVE-2023-39280",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39280"
},
{
"name": "CVE-2023-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41715"
},
{
"name": "CVE-2023-39278",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39278"
},
{
"name": "CVE-2023-39277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39277"
},
{
"name": "CVE-2023-39279",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39279"
},
{
"name": "CVE-2023-41712",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41712"
},
{
"name": "CVE-2023-39276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39276"
}
],
"initial_release_date": "2023-10-17T00:00:00",
"last_revision_date": "2023-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0852",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SonicWall SonicOS.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, un contournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SonicWall SonicOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2023-0012 du 17 octobre 2023",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
]
}
CERTFR-2022-AVI-396
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SonicWall. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Sonicwall | SonicOS | SonicOS Gen7 séries NSv versions antérieures à 7.0.1.0-5051-1511 | ||
| Sonicwall | SonicOS | SonicOS Gen7 séries NSsp versions antérieures à 7.0.1.0-5051-R843 | ||
| Sonicwall | SonicOS | SonicOS Gen7 séries NSa versions antérieures à 7.0.1-5051-R2624 | ||
| Sonicwall | SonicOS | SonicOS Gen6 séries NSa versions antérieures à 6.5.4.10-95n | ||
| Sonicwall | SonicOS | SonicOS Gen6 séries Tz versions antérieures à 6.5.4.10-95n | ||
| Sonicwall | N/A | Global VPN Client versions antérieures à 4.10.7.1424 | ||
| Sonicwall | SonicOS | SonicOS Gen7 séries Tz versions antérieures à 7.0.1-5051-R2624 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SonicOS Gen7 s\u00e9ries NSv versions ant\u00e9rieures \u00e0 7.0.1.0-5051-1511",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS Gen7 s\u00e9ries NSsp versions ant\u00e9rieures \u00e0 7.0.1.0-5051-R843",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS Gen7 s\u00e9ries NSa versions ant\u00e9rieures \u00e0 7.0.1-5051-R2624",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS Gen6 s\u00e9ries NSa versions ant\u00e9rieures \u00e0 6.5.4.10-95n",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS Gen6 s\u00e9ries Tz versions ant\u00e9rieures \u00e0 6.5.4.10-95n",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Global VPN Client versions ant\u00e9rieures \u00e0 4.10.7.1424",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS Gen7 s\u00e9ries Tz versions ant\u00e9rieures \u00e0 7.0.1-5051-R2624",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22278"
},
{
"name": "CVE-2022-22276",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22276"
},
{
"name": "CVE-2021-20051",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20051"
},
{
"name": "CVE-2022-22275",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22275"
},
{
"name": "CVE-2022-22277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22277"
}
],
"initial_release_date": "2022-04-28T00:00:00",
"last_revision_date": "2022-04-28T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-396",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSonicWall. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SonicWall",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2021-0036 du 27 avril 2022",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2022-0004 du 27 avril 2022",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004"
}
]
}
CERTFR-2021-AVI-540
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SonicWall. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Capture Client versions Cc 3.5 ant\u00e9rieures \u00e0 CC 3.6.24",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SMA100 versions 10.2.0.x ant\u00e9rieures \u00e0 10.2.1.0-17sv",
"product": {
"name": "N/A",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS(Gen7) NSa, TZ versions 7.0.1 ant\u00e9rieures \u00e0 Gen7 7.0.1-R1456",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
}
],
"initial_release_date": "2021-07-19T00:00:00",
"last_revision_date": "2021-07-19T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-540",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSonicWall. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SonicWall",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2021-0013 du 15 juillet 2021",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
}
]
}
CERTFR-2021-AVI-480
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans SonicWall SonicOS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Sonicwall | SonicOS | SonicOSv versions 6.5.4.4 antérieures à 6.5.4.4-44v-21-1288 | ||
| Sonicwall | SonicOS | SonicOS versions antérieures à 7.0.0.376, 7.0.1-R579 | ||
| Sonicwall | SonicOS | SonicOS versions 7.0.1-R1036 antérieures à 7.0.1-R1282/1283 | ||
| Sonicwall | SonicOS | SonicOS versions 6.5.4.8 antérieures à 6.5.4.8-89n | ||
| Sonicwall | SonicOS | SonicOS versions 7.0.0-R713 antérieures à 7.0.0-R906, 7.0.1-R1456 | ||
| Sonicwall | SonicOS | SonicOS versions 6.0.5.3-94o et antérieures. Un correctif sera disponible à une date ultérieure. | ||
| Sonicwall | SonicOS | SonicOS versions 6.5.1.12-3n et antérieures. Un correctif sera disponible à une date ultérieure. |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SonicOSv versions 6.5.4.4 ant\u00e9rieures \u00e0 6.5.4.4-44v-21-1288",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions ant\u00e9rieures \u00e0 7.0.0.376, 7.0.1-R579",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions 7.0.1-R1036 ant\u00e9rieures \u00e0 7.0.1-R1282/1283",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions 6.5.4.8 ant\u00e9rieures \u00e0 6.5.4.8-89n",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions 7.0.0-R713 ant\u00e9rieures \u00e0 7.0.0-R906, 7.0.1-R1456",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions 6.0.5.3-94o et ant\u00e9rieures. Un correctif sera disponible \u00e0 une date ult\u00e9rieure.",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS versions 6.5.1.12-3n et ant\u00e9rieures. Un correctif sera disponible \u00e0 une date ult\u00e9rieure.",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-20019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20019"
}
],
"initial_release_date": "2021-06-23T00:00:00",
"last_revision_date": "2021-06-23T00:00:00",
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2021-20019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20019"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2021-0006 du 22 juin 2021",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0006"
}
],
"reference": "CERTFR-2021-AVI-480",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SonicWall SonicOS. Elle permet \u00e0\nun attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans SonicWall SonicOS",
"vendor_advisories": []
}
CERTFR-2020-AVI-651
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Sonicwall SonicOS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Sonicwall | SonicOS | SonicOS 6.5.1.x versions antérieures à 6.5.1.12-1n | ||
| Sonicwall | SonicOS | Gen 7 versions antérieures à 7.0.0.0-2 | ||
| Sonicwall | SonicOS | SonicOS 6.5.4.x versions antérieures à 6.5.4.7-83n | ||
| Sonicwall | SonicOS | SonicOS 5.9.x versions antérieures à 5.9.2.13-7n | ||
| Sonicwall | SonicOS | SonicOS 6.0.x versions antérieures à 6.0.5.3-94o | ||
| Sonicwall | SonicOS | SonicOS 6.5.4.v versions antérieures à 6.5.4.v-21s-987 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SonicOS 6.5.1.x versions ant\u00e9rieures \u00e0 6.5.1.12-1n",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "Gen 7 versions ant\u00e9rieures \u00e0 7.0.0.0-2",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS 6.5.4.x versions ant\u00e9rieures \u00e0 6.5.4.7-83n",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS 5.9.x versions ant\u00e9rieures \u00e0 5.9.2.13-7n",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS 6.0.x versions ant\u00e9rieures \u00e0 6.0.5.3-94o",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
},
{
"description": "SonicOS 6.5.4.v versions ant\u00e9rieures \u00e0 6.5.4.v-21s-987",
"product": {
"name": "SonicOS",
"vendor": {
"name": "Sonicwall",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-5138",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5138"
},
{
"name": "CVE-2020-5142",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5142"
},
{
"name": "CVE-2020-5140",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5140"
},
{
"name": "CVE-2020-5133",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5133"
},
{
"name": "CVE-2020-5143",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5143"
},
{
"name": "CVE-2020-5136",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5136"
},
{
"name": "CVE-2020-5137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5137"
},
{
"name": "CVE-2020-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5134"
},
{
"name": "CVE-2020-5141",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5141"
},
{
"name": "CVE-2020-5135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5135"
},
{
"name": "CVE-2020-5139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5139"
}
],
"initial_release_date": "2020-10-19T00:00:00",
"last_revision_date": "2020-10-19T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-651",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Sonicwall SonicOS.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Sonicwall SonicOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0009 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0013 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0013"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0011 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0016 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0012 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0012"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0015 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0015"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0018 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0017 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0017"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0008 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0008"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0010 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0014 du 12 octobre 2020",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014"
}
]
}
CVE-2024-53704 (GCVE-0-2024-53704)
Vulnerability from nvd
Published
2025-01-09 06:52
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53704",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T04:55:11.755621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-02-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53704"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:32.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53704"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-18T00:00:00+00:00",
"value": "CVE-2024-53704 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Gen7 Hardware",
"Gen7 NSv",
"TZ80"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "7.1.1-7058 and older versions"
},
{
"status": "affected",
"version": "7.1.2-7019"
},
{
"status": "affected",
"version": "8.0.0-8035"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)"
}
],
"datePublic": "2025-01-08T06:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.\u003c/span\u003e"
}
],
"value": "An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T06:52:16.771Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
}
],
"source": {
"advisory": "SNWLID-2025-0003",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2024-53704",
"datePublished": "2025-01-09T06:52:16.771Z",
"dateReserved": "2024-11-22T09:54:04.964Z",
"dateUpdated": "2025-10-21T22:55:32.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40766 (GCVE-0-2024-40766)
Vulnerability from nvd
Published
2024-08-23 06:19
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sonicos",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "5.9.2.14-12o",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.5.4.14-109n",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.1-5035",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sonicos",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "5.9.2.14-12o",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.5.4.14-109n",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.1-5035",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sonicos",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "5.9.2.14-12o",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.5.4.14-109n",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.1-5035",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40766",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:11:51.602153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-09-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:46.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-09T00:00:00+00:00",
"value": "CVE-2024-40766 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Gen5",
"Gen6",
"Gen7"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "5.9.2.14-12o and older versions"
},
{
"status": "affected",
"version": "6.5.4.14-109n and older versions"
},
{
"status": "affected",
"version": "7.0.1-5035 and older versions"
}
]
}
],
"datePublic": "2024-08-23T06:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
}
],
"value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T06:19:07.229Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
}
],
"source": {
"advisory": "SNWLID-2024-0015",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2024-40766",
"datePublished": "2024-08-23T06:19:07.229Z",
"dateReserved": "2024-07-10T15:58:49.462Z",
"dateUpdated": "2025-10-21T22:55:46.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5135 (GCVE-0-2020-5135)
Vulnerability from nvd
Published
2020-10-12 10:40
Modified
2025-10-21 23:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input
Summary
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-5135",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:55:08.576470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5135"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:35.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5135"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-15T00:00:00+00:00",
"value": "CVE-2020-5135 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "SonicOS 6.5.4.7-79n and earlier"
},
{
"status": "affected",
"version": "SonicOS 6.5.1.11-4n and earlier"
},
{
"status": "affected",
"version": "SonicOS 6.0.5.3-93o and earlier"
},
{
"status": "affected",
"version": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
},
{
"status": "affected",
"version": "SonicOS 7.0.0.0-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T10:40:28.000Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2020-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "SonicOS 6.5.4.7-79n and earlier"
},
{
"version_value": "SonicOS 6.5.1.11-4n and earlier"
},
{
"version_value": "SonicOS 6.0.5.3-93o and earlier"
},
{
"version_value": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
},
{
"version_value": "SonicOS 7.0.0.0-1"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2020-5135",
"datePublished": "2020-10-12T10:40:28.000Z",
"dateReserved": "2019-12-31T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:35.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53704 (GCVE-0-2024-53704)
Vulnerability from cvelistv5
Published
2025-01-09 06:52
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53704",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T04:55:11.755621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-02-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53704"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:32.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53704"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-18T00:00:00+00:00",
"value": "CVE-2024-53704 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Gen7 Hardware",
"Gen7 NSv",
"TZ80"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "7.1.1-7058 and older versions"
},
{
"status": "affected",
"version": "7.1.2-7019"
},
{
"status": "affected",
"version": "8.0.0-8035"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security through Trend Micro (Zero Day Initiative)"
}
],
"datePublic": "2025-01-08T06:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.\u003c/span\u003e"
}
],
"value": "An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T06:52:16.771Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
}
],
"source": {
"advisory": "SNWLID-2025-0003",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2024-53704",
"datePublished": "2025-01-09T06:52:16.771Z",
"dateReserved": "2024-11-22T09:54:04.964Z",
"dateUpdated": "2025-10-21T22:55:32.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40766 (GCVE-0-2024-40766)
Vulnerability from cvelistv5
Published
2024-08-23 06:19
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sonicos",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "5.9.2.14-12o",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.5.4.14-109n",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.1-5035",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sonicos",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "5.9.2.14-12o",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.5.4.14-109n",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.1-5035",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sonicos",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "5.9.2.14-12o",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.5.4.14-109n",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.0.1-5035",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40766",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:11:51.602153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-09-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:46.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-09T00:00:00+00:00",
"value": "CVE-2024-40766 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Gen5",
"Gen6",
"Gen7"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "5.9.2.14-12o and older versions"
},
{
"status": "affected",
"version": "6.5.4.14-109n and older versions"
},
{
"status": "affected",
"version": "7.0.1-5035 and older versions"
}
]
}
],
"datePublic": "2024-08-23T06:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
}
],
"value": "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T06:19:07.229Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015"
}
],
"source": {
"advisory": "SNWLID-2024-0015",
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2024-40766",
"datePublished": "2024-08-23T06:19:07.229Z",
"dateReserved": "2024-07-10T15:58:49.462Z",
"dateUpdated": "2025-10-21T22:55:46.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5135 (GCVE-0-2020-5135)
Vulnerability from cvelistv5
Published
2020-10-12 10:40
Modified
2025-10-21 23:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input
Summary
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:08.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-5135",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:55:08.576470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-15",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5135"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:35.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5135"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-15T00:00:00+00:00",
"value": "CVE-2020-5135 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "SonicOS 6.5.4.7-79n and earlier"
},
{
"status": "affected",
"version": "SonicOS 6.5.1.11-4n and earlier"
},
{
"status": "affected",
"version": "SonicOS 6.0.5.3-93o and earlier"
},
{
"status": "affected",
"version": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
},
{
"status": "affected",
"version": "SonicOS 7.0.0.0-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T10:40:28.000Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2020-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "SonicOS 6.5.4.7-79n and earlier"
},
{
"version_value": "SonicOS 6.5.1.11-4n and earlier"
},
{
"version_value": "SonicOS 6.0.5.3-93o and earlier"
},
{
"version_value": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
},
{
"version_value": "SonicOS 7.0.0.0-1"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2020-5135",
"datePublished": "2020-10-12T10:40:28.000Z",
"dateReserved": "2019-12-31T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:35.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}