SonicWall SonicOS SSLVPN Null Pointer Dereference Denial-of-Service Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the SonicOS SSLVPN Virtual Office interface. It allows a remote, unauthenticated attacker to crash the firewall, potentially causing a denial-of-service condition. The issue affects SonicWall Gen7 NSv and various Gen7 firewall models running versions in the 7.1.x range, as well as TZ80 devices running versions through 8.0.0-8037.

Impact

Exploitation of this vulnerability crashes the firewall, resulting in a denial-of-service condition.

Remediation

The vulnerability can be mitigated by disabling the SSLVPN service on the firewall. For users on affected versions, upgrading to SonicOS 7.2.0-7015 or higher is recommended. TZ80 users should upgrade to version 8.0.1-8017 or higher.
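The version boundaries above can be turned into an inventory check. The following is an added example, not SonicWall's or this page's code; the `family` labels, host names and sample version strings are constructed, and any version the advisory does not mention is reported as `unlisted` rather than guessed.

```python
import re

# Boundaries taken from the advisory text above.
GEN7_FIXED = (7, 2, 0, 7015)          # SonicOS 7.2.0-7015 or higher
TZ80_LAST_AFFECTED = (8, 0, 0, 8037)  # TZ80 versions through 8.0.0-8037
TZ80_FIXED = (8, 0, 1, 8017)          # TZ80 8.0.1-8017 or higher

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Turn a string such as 'SonicOS 7.1.1-7058' into a comparable tuple."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"unrecognised SonicOS version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(family, version_text, sslvpn_enabled):
    """Return 'affected', 'mitigated', 'fixed' or 'unlisted' for one device.

    family is an assumed inventory label: 'gen7' (Gen7 NSv / firewall) or 'tz80'.
    """
    version = parse_version(version_text)
    if family == "tz80":
        fixed, affected = version >= TZ80_FIXED, version <= TZ80_LAST_AFFECTED
    elif family == "gen7":
        fixed, affected = version >= GEN7_FIXED, version[:2] == (7, 1)
    else:
        raise ValueError(f"unknown device family: {family!r}")
    if fixed:
        return "fixed"
    if not affected:
        return "unlisted"  # advisory is silent on this build; check the vendor notice
    # Disabling SSLVPN is the mitigation named in the advisory.
    return "affected" if sslvpn_enabled else "mitigated"


# Constructed sample inventory: (host, family, reported version, SSLVPN enabled)
INVENTORY = [
    ("fw-edge-01", "gen7", "SonicOS 7.1.1-7058", True),
    ("fw-edge-02", "gen7", "SonicOS 7.1.1-7058", False),
    ("fw-core-01", "gen7", "SonicOS 7.2.0-7015", True),
    ("fw-branch-01", "tz80", "SonicOS 8.0.0-8037", True),
]

if __name__ == "__main__":
    for host, family, version, sslvpn in INVENTORY:
        print(f"{host:14} {version:22} {triage(family, version, sslvpn)}")
```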

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 7.0
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.