) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:sonicwall:sma_400_firmware:-:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-5970 |
Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. Published: December 05, 2023; 4:15:07 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-44221 |
Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. Published: December 05, 2023; 4:15:07 PM -0500 |
V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2022-2915 |
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. Published: August 26, 2022; 5:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-22273 |
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions Published: March 16, 2022; 10:15:06 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-20050 |
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. Published: December 22, 2021; 9:15:06 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-20049 |
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. Published: December 22, 2021; 9:15:06 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-20035 |
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. Published: September 27, 2021; 2:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 6.8 MEDIUM |
| CVE-2021-20034 |
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. Published: September 27, 2021; 2:15:08 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2021-20016 |
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. Published: February 04, 2021; 1:15:13 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |