U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2023-41715

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.

Published: October 17, 2023; 7:15:12 PM -0400 		V3.1: 8.8 HIGH
 V2.0:(not available)
CVE-2023-41713

SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.

Published: October 17, 2023; 7:15:12 PM -0400 		V3.1: 7.5 HIGH
 V2.0:(not available)
CVE-2023-41712

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.

Published: October 17, 2023; 7:15:12 PM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2023-41711

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.

Published: October 17, 2023; 7:15:12 PM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2023-39280

SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.

Published: October 17, 2023; 7:15:11 PM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2023-39279

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.

Published: October 17, 2023; 7:15:11 PM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2023-39278

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.

Published: October 17, 2023; 7:15:11 PM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2023-39277

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

Published: October 17, 2023; 7:15:11 PM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2023-39276

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.

Published: October 17, 2023; 7:15:11 PM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)