113
CVEs
29
Critical
47
High
7
KEV
27
PoC
76
Unpatched C/H
0.9%
Patch Rate
11.3%
Avg EPSS
Severity Breakdown
CRITICAL
29
HIGH
47
MEDIUM
34
LOW
3
Monthly CVE Trend
Affected Products (30)
Global Management System
26
Analytics
16
Sma 410 Firmware
11
Sma 210 Firmware
11
Sonicos
10
Sma 500V Firmware
10
Sma 200 Firmware
10
Sma 400 Firmware
10
Analyzer
8
Sma 100 Firmware
8
Netextender
7
Scrutinizer
7
Email Security Appliance 5000 Firmware
4
Email Security Appliance 7050 Firmware
4
Email Security Appliance 9000 Firmware
4
Windows
4
Email Security Appliance 5050 Firmware
4
PHP
4
Email Security
4
Email Security Virtual Appliance
4
Global Vpn Client
4
Hosted Email Security
4
Email Security Appliance 7000 Firmware
4
Sma 6200 Firmware
3
Sonicwall Secure Remote Access Server
3
Sma100 Firmware
3
Sma 6210 Firmware
3
Email Security Appliance 4300 Firmware
3
Sma 7210 Firmware
3
Sma 7200 Firmware
3
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2012-2962 | SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.3%. | MEDIUM | 6.5 | 90.3% | 158 |
PoC
No patch
|
| CVE-2014-8420 | The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%. | CRITICAL | 9.0 | 73.8% | 154 |
PoC
No patch
|
| CVE-2012-3951 | The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.5%. | HIGH | 7.5 | 79.5% | 152 |
PoC
No patch
|
| CVE-2014-4977 | Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%. | MEDIUM | 6.5 | 84.5% | 152 |
PoC
No patch
|
| CVE-2012-2626 | cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%. | MEDIUM | 5.0 | 76.0% | 121 |
PoC
No patch
|
| CVE-2016-9683 | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.0%. | CRITICAL | 9.8 | 22.0% | 91 |
PoC
No patch
|
| CVE-2016-9682 | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%. | CRITICAL | 9.8 | 19.5% | 89 |
PoC
No patch
|
| CVE-2023-34124 | The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 43.7% | 84 |
PoC
No patch
|
| CVE-2023-34132 | Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.4% | 84 |
PoC
No patch
|
| CVE-2016-9684 | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%. | CRITICAL | 9.8 | 13.5% | 83 |
PoC
No patch
|
| CVE-2023-34127 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 86.3% | 79 |
PoC
No patch
|
| CVE-2012-2627 | d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.4 | 8.5% | 75 |
PoC
No patch
|
| CVE-2023-34133 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 76.5% | 72 |
PoC
No patch
|
| CVE-2018-9866 | A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 4.5% | 69 |
PoC
No patch
|
| CVE-2021-20021 | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 83.4% | 69 |
KEV
PoC
No patch
|