Skip to main content

Sonicwall

Vendor security scorecard – 113 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 1080
113
CVEs
29
Critical
47
High
7
KEV
27
PoC
76
Unpatched C/H
0.9%
Patch Rate
11.3%
Avg EPSS

Severity Breakdown

CRITICAL
29
HIGH
47
MEDIUM
34
LOW
3

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2012-2962 SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.3%. MEDIUM 6.5 90.3% 158
PoC No patch
CVE-2014-8420 The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%. CRITICAL 9.0 73.8% 154
PoC No patch
CVE-2012-3951 The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.5%. HIGH 7.5 79.5% 152
PoC No patch
CVE-2014-4977 Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%. MEDIUM 6.5 84.5% 152
PoC No patch
CVE-2012-2626 cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%. MEDIUM 5.0 76.0% 121
PoC No patch
CVE-2016-9683 The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.0%. CRITICAL 9.8 22.0% 91
PoC No patch
CVE-2016-9682 The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.5%. CRITICAL 9.8 19.5% 89
PoC No patch
CVE-2023-34124 The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 43.7% 84
PoC No patch
CVE-2023-34132 Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 7.4% 84
PoC No patch
CVE-2016-9684 The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%. CRITICAL 9.8 13.5% 83
PoC No patch
CVE-2023-34127 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. HIGH 8.8 86.3% 79
PoC No patch
CVE-2012-2627 d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.4 8.5% 75
PoC No patch
CVE-2023-34133 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.5 76.5% 72
PoC No patch
CVE-2018-9866 A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 4.5% 69
PoC No patch
CVE-2021-20021 A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. CRITICAL 9.8 83.4% 69
KEV PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy