SonicWall SMA 200 Firmware

CPE Details

SonicWall SMA 200 Firmware
sonicwall
sma_200_firmware
-
2021-02-17
16h52 +00:00
2021-02-17
16h52 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:sonicwall:sma_200_firmware:-:*:*:*:*:*:*:*

Informations

Vendor

sonicwall

Product

sma_200_firmware

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-22395 2024-02-23 23h37 +00:00 Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
6.3
Moyen
CVE-2023-5970 2023-12-05 20h20 +00:00 Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.
8.8
Haute
CVE-2023-44221 2023-12-05 20h10 +00:00 Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
7.2
Haute
CVE-2022-2915 2022-08-26 18h30 +00:00 A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.
8.8
Haute
CVE-2022-22273 2022-03-17 00h40 +00:00 Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions
9.8
Critique
CVE-2021-20050 2021-12-23 00h20 +00:00 An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.
7.5
Haute
CVE-2021-20049 2021-12-23 00h20 +00:00 A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
7.5
Haute
CVE-2021-20035 2021-09-27 15h20 +00:00 Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
6.5
Moyen
CVE-2021-20034 2021-09-27 15h20 +00:00 An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
9.1
Critique
CVE-2021-20016 2021-02-03 20h35 +00:00 A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
9.8
Critique