📦

nssp_11700

Vendor: sonicwall

Actively Exploited 2 CISA KEV List

PoC / Exploits 3 Code Available

Total RCEs 4 Remote Access

Total CVEs 33 Total Indexed

Avg. EPSS 8.45% Exploit Prob.

Latest CVE CVE-2026-0206 Apr 29

Security Vulnerability Index

Page 2 / 4

Critical Target

9.8 CVSS

CVE-2024-53704

Exploit Found

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

EPSS: 93.86%

Severity: CRITICAL

Jan 09, 2025

9.8 CVSS

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

EPSS: 3.44%

Severity: CRITICAL

Aug 23, 2024

7.5 CVSS

CVE-2024-40764

RCE

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

EPSS: 10.16%

Severity: HIGH

Jul 18, 2024

6.5 CVSS

CVE-2024-29013

RCE

Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.

EPSS: 2.28%

Severity: MEDIUM

Jun 20, 2024

7.5 CVSS

CVE-2024-29012

RCE

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.

EPSS: 2.25%

Severity: HIGH

Jun 20, 2024

9.8 CVSS

CVE-2024-22394

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.

EPSS: 0.96%

Severity: CRITICAL

Feb 08, 2024

8.8 CVSS

CVE-2023-1101

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

EPSS: 0.35%

Severity: HIGH

Mar 02, 2023

7.5 CVSS

CVE-2023-0656

RCE Exploit Found

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

EPSS: 31.49%

Severity: HIGH

Mar 02, 2023

7.5 CVSS

CVE-2022-22278

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack

EPSS: 0.27%

Severity: HIGH

Apr 27, 2022

5.3 CVSS

CVE-2022-22277

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.

EPSS: 0.16%

Severity: MEDIUM

Apr 27, 2022

Displaying 10 of 33 Total Entries

1 2 3 4

Total 4 Sections