SonicWall 802.11 Frame Aggregation and Fragmentation Vulnerabilities (FragAttacks)

Vulnerabilities in IEEE 802.11 implementation were found. These vulnerabilities could allow an attacker to inject malicious frames into legitimate WiFi traffic. The discovered vulnerabilities affect all modern security protocols of WiFi, including the latest WPA3. Successful exploitation of these vulnerabilities can result in the extraction of sensitive data and the manipulation of WiFi traffic. In order for an attacker to exploit these vulnerabilities he needs to be in proximity of the WiFi network and trick a user connected to the WiFi network to visit the attacker’s server.

CVE: CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26140, CVE-2020-26143, CVE-2020-26146, CVE-2020-26147
Last updated: Jan. 21, 2022, 7:08 p.m.

SonicWall Email Security Virtual Appliance Static Credential Vulnerability

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup.
 
An attacker could exploit this transitional/temporary user account from the trusted domain to access the Virtual Appliance only when the device is freshly installed and not connected to Mysonicwall.
 
A successful exploit could allow the attacker to log in to the appliance remotely with root privilege access over a local area network.

CVE: CVE-2021-20025
Last updated: May 13, 2021, 2 p.m.