SonicWall firewalls are vulnerable to a critical-severity flaw that may allow attackers to gain unauthorized access to the devices. Tracked as CVE-2024-40766, the vulnerability has a CVSS score of 9.3.
Tag: SonicOS
SonicWall Buffer Overflow Vulnerability (SNWLID-2021-0006, CVE-2021-20019)
Tracked as CVE-2021-20019, a vulnerability was observed in SonicOS where the HTTP server response leaks partial memory when the server is sent a crafted unauthenticated HTTP request. This can potentially lead to disclosure of sensitive internal data. The shortcoming was rectified in an update rolled out to SonicOS on June 22. However, there is no evidence that …
SonicWall VPN Portal Buffer Overflow Vulnerability (CVE-2020-5135)
Overview: On 14th October 2020, Tripwire VERT published the finding of a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). An unauthenticated HTTP request via a custom protocol handler can exploit this vulnerability. Security researcher Craig Young reported this vulnerability.
Description: A persistent Denial of Service (DoS) condition and potentially arbitrary code execution are possible by sending a crafted HTTP request to the SonicOS firewall. The vulnerability can be exploited without authentication and insecure SSLVPN that is exposed …