Product
sonicwall sonicos
68 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-0206
< 6.5.5.2-28n
A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS allows a remote attacker to crash a firewall.
4.9
MEDIUM
CVE-2026-0205
< 6.5.5.2-28n
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
6.8
MEDIUM
CVE-2026-0204
< 6.5.5.2-28n
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under
8.0
HIGH
CVE-2026-3439
< 7.3.2-7010
A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash
4.9
MEDIUM
CVE-2026-0402
< 7.3.2-7010
A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.
4.9
MEDIUM
CVE-2026-0401
< 7.3.2-7010
A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.
4.9
MEDIUM
CVE-2026-0400
< 7.3.2-7010
A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.
4.9
MEDIUM
CVE-2026-0399
< 7.3.2-7010
Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bound
4.9
MEDIUM
CVE-2025-40601
>= 7.1.1-7040 and < 7.3.1-7013
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial
7.5
HIGH
CVE-2025-40600
>= 7.1.1-7040 and < 7.3.0-7012
Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker
9.8
CRITICAL
CVE-2024-53704
>= 7.1.1-7040 and <= 7.1.1-7058
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
9.8
CRITICAL
CVE-2024-40766
< 5.9.2.14-13o
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to un
9.8
CRITICAL
CVE-2024-40764
< 6.5.4.v-21s-rc2457
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Ser
7.5
HIGH
CVE-2024-3596
all versions
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Acc
9.0
CRITICAL
CVE-2024-29013
< 7.0.1-5161
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service
6.5
MEDIUM
CVE-2024-29012
< 7.0.1-5161
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Se
7.5
HIGH
CVE-2024-22394
all versions
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions co
9.8
CRITICAL
CVE-2023-41715
< 7.0.1-5145
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate thei
8.8
HIGH
CVE-2023-41713
< 7.0.1-5145
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
7.5
HIGH
CVE-2023-41712
< 7.0.1-5145
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewa
6.5
MEDIUM
CVE-2023-41711
< 7.0.1-5145
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints leads to a fire
6.5
MEDIUM
CVE-2023-39280
< 7.0.1-5145
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads
6.5
MEDIUM
CVE-2023-39279
< 7.0.1-5145
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a fire
6.5
MEDIUM
CVE-2023-39278
< 7.0.1-5145
SonicOS post-authentication user assertion failure leads to a Stack-Based Buffer Overflow vulnerability via main.cgi, which leads to a fire
6.5
MEDIUM
CVE-2023-39277
< 7.0.1-5145
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints l
6.5
MEDIUM
CVE-2023-39276
< 7.0.1-5145
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall
6.5
MEDIUM
CVE-2023-1101
< 7.0.1-5111
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA
8.8
HIGH
CVE-2023-0656
<= 7.0.1-5111
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (Do
7.5
HIGH
CVE-2022-22275
>= 7.0.0.0 and <= 7.0.1-5030-r2007
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP ha
7.5
HIGH
CVE-2022-22274
<= 7.0.1-5050
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Deni
9.8
CRITICAL
CVE-2021-20048
<= 7.0.1-r1456
A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial
8.8
HIGH
CVE-2021-20046
<= 7.0.1-r146
A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause D
8.8
HIGH
CVE-2021-20031
<= 7.0.1-r1262
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to a
6.1
MEDIUM
CVE-2021-20019
>= 7.0.0 and < 7.0.0.376
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potenti
7.5
HIGH
CVE-2021-20027
<= 7.0.1-r1262
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially craf
7.5
HIGH
CVE-2021-3450
<= 7.0.1-r1456
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4
HIGH
CVE-2021-3449
all versions
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9
MEDIUM
CVE-2020-5143
<= 5.9.1.13
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumerati
5.3
MEDIUM
CVE-2020-5142
<= 5.9.1.13
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is
6.1
MEDIUM
CVE-2020-5141
<= 5.9.1.13
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN
6.5
MEDIUM
CVE-2020-5140
<= 5.9.1.13
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN servic
7.5
HIGH
CVE-2020-5139
<= 5.9.1.13
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the rel
7.5
HIGH
CVE-2020-5138
<= 5.9.1.13
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the fire
7.5
HIGH
CVE-2020-5137
<= 5.9.1.13
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewa
7.5
HIGH
CVE-2020-5136
<= 5.9.1.13
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and vi
6.5
MEDIUM
CVE-2020-5135
<= 6.0.5.3
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbit
9.8
CRITICAL
CVE-2020-5134
<= 6.0.5.3
A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bound invalid file reference that leads to a firewall crash
6.5
MEDIUM
CVE-2020-5133
>= 6.0.0.0 and <= 6.0.5.3
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads
7.5
HIGH
CVE-2020-5132
all versions
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name
5.3
MEDIUM
CVE-2020-5130
<= 6.5.4.4-44n
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation o
5.3
MEDIUM
CVE-2019-7479
<= 5.9.1.12-4o
A vulnerability in SonicOS allows an authenticated read-only admin to elevate permissions to configuration mode. This vulnerability a
7.2
HIGH
CVE-2019-7487
<= 6.5.3.3
On installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created that does not put the path
7.8
HIGH
CVE-2019-12261
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vul
9.8
CRITICAL
CVE-2019-12260
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability:
9.8
CRITICAL
CVE-2019-12258
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP c
7.5
HIGH
CVE-2019-12255
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent P
9.8
CRITICAL
CVE-2019-12265
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET securit
5.3
MEDIUM
CVE-2019-12263
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerabili
8.1
HIGH
CVE-2019-12259
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security
7.5
HIGH
CVE-2019-12257
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: H
8.8
HIGH
CVE-2019-12256
>= 5.9.0.0 and <= 5.9.0.7
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overfl
9.8
CRITICAL
CVE-2019-7477
<= 5.9.1.10
A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allows remote attackers to obtain sensitive plaintext data when CB
7.5
HIGH
CVE-2019-7475
<= 5.9.1.10
A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allows unprivileged user
9.8
CRITICAL
CVE-2019-7474
<= 5.9.1.10
A vulnerability in SonicWall SonicOS and SonicOSv allows an authenticated read-only admin to leave the firewall in an unstable state
6.5
MEDIUM
CVE-2018-9867
>= 5.0.0.0 and <= 5.9.1.10
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who a
5.5
MEDIUM
CVE-2018-5281
all versions
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusio
5.4
MEDIUM
CVE-2018-5280
all versions
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.
5.4
MEDIUM
CVE-2015-3447
>= 6.0.0.0 and <= 6.2.2.0
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin