
Multiple SonicWall Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-0655 CVSS:4.3

SonicWall Email Security could allow a remote attacker to obtain sensitive information because the product inserts sensitive information into an error message. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain that information and use it to launch further attacks against the affected system.

CVE-2023-0126 CVSS:7.5

SonicWall SMA100 is affected by a pre-authentication path traversal vulnerability that could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to access arbitrary files and directories stored outside the web root directory.

CVE-2024-29012 CVSS:4.9

The SonicWall SonicOS HTTP server is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.

Impact

  • Obtain Information
  • Gain Access
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2023-0655
  • CVE-2023-0126
  • CVE-2024-29012

Affected Vendors

SonicWall

Affected Products

  • SonicWall SonicOS 7.1.1-7051
  • SonicWall Email Security 10.0.19.7431
  • SonicWall SMA1000 12.4.2

Remediation

Refer to the SonicWall Security Advisory for each CVE for patch, upgrade, or suggested workaround information:

  • CVE-2023-0655
  • CVE-2023-0126
  • CVE-2024-29012