All the vulnerabilites related to sonicwall - nsv100
cve-2023-39276
Vulnerability from cvelistv5
Published
2023-10-17 22:04
Modified
2024-09-13 16:04
Severity ?
EPSS score ?
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39276", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T16:04:23.771929Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T16:04:35.863Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:04:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\u003cbr\u003e" } ], "value": "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:04:34.956Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-39276", "datePublished": "2023-10-17T22:04:34.956Z", "dateReserved": "2023-07-27T00:07:04.124Z", "dateUpdated": "2024-09-13T16:04:35.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39279
Vulnerability from cvelistv5
Published
2023-10-17 22:15
Modified
2024-09-13 16:00
Severity ?
EPSS score ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39279", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T16:00:24.050497Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T16:00:49.830Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:15:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash." } ], "value": "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:15:00.711Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-39279", "datePublished": "2023-10-17T22:15:00.711Z", "dateReserved": "2023-07-27T00:07:04.124Z", "dateUpdated": "2024-09-13T16:00:49.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41711
Vulnerability from cvelistv5
Published
2023-10-17 22:20
Modified
2024-09-13 15:38
Severity ?
EPSS score ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.448Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41711", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T15:38:20.952791Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T15:38:30.661Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:20:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash." } ], "value": "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:20:36.619Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-41711", "datePublished": "2023-10-17T22:20:36.619Z", "dateReserved": "2023-08-30T17:07:28.451Z", "dateUpdated": "2024-09-13T15:38:30.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39280
Vulnerability from cvelistv5
Published
2023-10-17 22:17
Modified
2024-09-13 15:59
Severity ?
EPSS score ?
Summary
SonicOS p
ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.718Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39280", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T15:59:13.568147Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T15:59:29.468Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:16:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SonicOS p\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\u003c/span\u003e\n\n" } ], "value": "SonicOS p\n\nost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\n\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:17:36.308Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-39280", "datePublished": "2023-10-17T22:17:36.308Z", "dateReserved": "2023-07-27T00:07:04.125Z", "dateUpdated": "2024-09-13T15:59:29.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39277
Vulnerability from cvelistv5
Published
2023-10-17 22:08
Modified
2024-09-13 16:03
Severity ?
EPSS score ?
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.752Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39277", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T16:02:52.041284Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T16:03:01.532Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:08:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSonicOS post-authentication stack-based buffer overflow vulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.\u003c/span\u003e" } ], "value": "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:08:55.318Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-39277", "datePublished": "2023-10-17T22:08:55.318Z", "dateReserved": "2023-07-27T00:07:04.124Z", "dateUpdated": "2024-09-13T16:03:01.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39278
Vulnerability from cvelistv5
Published
2023-10-17 22:12
Modified
2024-09-13 16:01
Severity ?
EPSS score ?
Summary
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39278", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T16:01:40.078298Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T16:01:51.265Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:12:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cb\u003e\u003c/b\u003e\u003c/span\u003e" } ], "value": "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:12:29.594Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-39278", "datePublished": "2023-10-17T22:12:29.594Z", "dateReserved": "2023-07-27T00:07:04.124Z", "dateUpdated": "2024-09-13T16:01:51.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41712
Vulnerability from cvelistv5
Published
2023-10-17 22:26
Modified
2024-09-13 15:36
Severity ?
EPSS score ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41712", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T15:36:06.568443Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T15:36:27.303Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:25:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash." } ], "value": "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:26:09.949Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-41712", "datePublished": "2023-10-17T22:26:09.949Z", "dateReserved": "2023-08-30T17:07:28.452Z", "dateUpdated": "2024-09-13T15:36:27.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41715
Vulnerability from cvelistv5
Published
2023-10-17 22:33
Modified
2024-08-02 19:01
Severity ?
EPSS score ?
Summary
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.411Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:33:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.\u003cbr\u003e" } ], "value": "SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:33:57.440Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-41715", "datePublished": "2023-10-17T22:33:57.440Z", "dateReserved": "2023-08-30T17:07:28.452Z", "dateUpdated": "2024-08-02T19:01:35.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41713
Vulnerability from cvelistv5
Published
2023-10-17 22:28
Modified
2024-09-13 19:32
Severity ?
EPSS score ?
Summary
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sonicos", "vendor": "sonicwall", "versions": [ { "lessThan": "7.0.1-5119", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "7.0.1-5129", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "6.5.4.4-44v-21-2079", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "6.5.4.12-101n", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41713", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T19:29:35.513087Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T19:32:58.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "modules": [ "Management", "SSLVPN" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "7.0.1-5119 and earlier versions" }, { "status": "affected", "version": "7.0.1-5129 and earlier versions" }, { "status": "affected", "version": "6.5.4.4-44v-21-2079 and earlier versions" }, { "status": "affected", "version": "6.5.4.12-101n and earlier versions" } ] } ], "datePublic": "2023-10-17T22:28:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SonicOS Use of Hard-coded Password vulnerability in the \u0027dynHandleBuyToolbar\u0027 demo function." } ], "value": "SonicOS Use of Hard-coded Password vulnerability in the \u0027dynHandleBuyToolbar\u0027 demo function." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T22:28:50.229Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-41713", "datePublished": "2023-10-17T22:28:50.229Z", "dateReserved": "2023-08-30T17:07:28.452Z", "dateUpdated": "2024-09-13T19:32:58.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-40764
Vulnerability from cvelistv5
Published
2024-07-18 07:42
Modified
2024-08-02 04:39
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sonicos", "vendor": "sonicwall", "versions": [ { "lessThanOrEqual": "6.5.4.4-44v-21-2395", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "7.0.1-5151", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "7.1.1-7051", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-40764", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T13:27:59.874514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T13:37:13.495Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:39:54.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "platforms": [ "Gen6", "Gen7" ], "product": "SonicOS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "6.5.4.4-44v-21-2395 and older versions" }, { "status": "affected", "version": "7.0.1-5151 and older versions" }, { "status": "affected", "version": "7.1.1-7051 and older versions" } ] } ], "datePublic": "2024-07-18T07:38:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS)." } ], "value": "Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS)." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-18T07:42:37.995Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012" } ], "source": { "advisory": "SNWLID-2024-0012", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2024-40764", "datePublished": "2024-07-18T07:42:37.995Z", "dateReserved": "2024-07-10T15:58:49.461Z", "dateUpdated": "2024-08-02T04:39:54.567Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS p
ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SonicOS p\n\nost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\n\n" }, { "lang": "es", "value": "La vulnerabilidad de desbordamiento del b\u00fafer posterior a la autenticaci\u00f3n de SonicOS en los endpoints de URL ssoStats-s.xml y ssoStats-s.wri provoca una falla del firewall." } ], "id": "CVE-2023-39280", "lastModified": "2024-11-21T08:15:03.223", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:11.853", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\n" }, { "lang": "es", "value": "La vulnerabilidad de desbordamiento del b\u00fafer de autenticaci\u00f3n posterior de SonicOS en el endpoint de la URL getBookmarkList.json provoca una falla del firewall." } ], "id": "CVE-2023-39276", "lastModified": "2024-11-21T08:15:02.593", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:11.573", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\n" }, { "lang": "es", "value": "La falla de aserci\u00f3n del usuario posterior a la autenticaci\u00f3n de SonicOS conduce a una vulnerabilidad de desbordamiento del b\u00fafer a trav\u00e9s de main.cgi que provoca una falla del firewall." } ], "id": "CVE-2023-39278", "lastModified": "2024-11-21T08:15:02.913", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:11.727", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SonicOS Use of Hard-coded Password vulnerability in the \u0027dynHandleBuyToolbar\u0027 demo function." }, { "lang": "es", "value": "SonicOS utiliza la vulnerabilidad de contrase\u00f1a codificada en la funci\u00f3n de demostraci\u00f3n \u0027dynHandleBuyToolbar\u0027." } ], "id": "CVE-2023-41713", "lastModified": "2024-11-21T08:21:31.807", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:12.160", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-259" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash." }, { "lang": "es", "value": "La vulnerabilidad de desbordamiento del b\u00fafer posterior a la autenticaci\u00f3n de SonicOS en el extremo URL de SSL VPN plainprefs.exp provoca una falla del firewall." } ], "id": "CVE-2023-41712", "lastModified": "2024-11-21T08:21:31.643", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:12.093", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash." }, { "lang": "es", "value": "La vulnerabilidad de desbordamiento del b\u00fafer basado posterior a la autenticaci\u00f3n de SonicOS en el endpoint de URL getPacketReplayData.json provoca una falla del firewall." } ], "id": "CVE-2023-39279", "lastModified": "2024-11-21T08:15:03.063", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:11.790", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash." }, { "lang": "es", "value": "La vulnerabilidad de desbordamiento del b\u00fafer de autenticaci\u00f3n posterior de SonicOS en los endpoints de URL sonicflow.csv y appflowsessions.csv provoca una falla del firewall." } ], "id": "CVE-2023-39277", "lastModified": "2024-11-21T08:15:02.753", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:11.660", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.\n" }, { "lang": "es", "value": "La vulnerabilidad de administraci\u00f3n de privilegios inadecuada posterior a la autenticaci\u00f3n de SonicOS en el t\u00fanel VPN SSL de SonicOS permite a los usuarios elevar sus privilegios dentro del t\u00fanel." } ], "id": "CVE-2023-41715", "lastModified": "2024-11-21T08:21:31.977", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:12.227", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", "versionEndExcluding": "7.0.1-5145", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C", "versionEndExcluding": "6.5.4.4-44v-21-2340", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119", "versionEndExcluding": "6.5.4.13-105n", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash." }, { "lang": "es", "value": "La vulnerabilidad de desbordamiento del b\u00fafer posterior a la autenticaci\u00f3n de SonicOS en los endpoint de URL sonicwall.exp, prefs.exp provoca una falla del firewall." } ], "id": "CVE-2023-41711", "lastModified": "2024-11-21T08:21:31.477", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-17T23:15:12.027", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-18 08:15
Modified
2024-11-21 09:31
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
References
▼ | URL | Tags | |
---|---|---|---|
PSIRT@sonicwall.com | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012 | Mitigation, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sonicwall | sonicos | * | |
sonicwall | nsv10 | - | |
sonicwall | nsv100 | - | |
sonicwall | nsv1600 | - | |
sonicwall | nsv200 | - | |
sonicwall | nsv25 | - | |
sonicwall | nsv300 | - | |
sonicwall | nsv400 | - | |
sonicwall | nsv50 | - | |
sonicwall | nsv800 | - | |
sonicwall | sonicos | * | |
sonicwall | sonicos | * | |
sonicwall | nsa_2700 | - | |
sonicwall | nsa_3700 | - | |
sonicwall | nsa_4700 | - | |
sonicwall | nsa_5700 | - | |
sonicwall | nsa_6700 | - | |
sonicwall | nssp_10700 | - | |
sonicwall | nssp_11700 | - | |
sonicwall | nssp_13700 | - | |
sonicwall | nssp_15700 | - | |
sonicwall | nsv_270 | - | |
sonicwall | nsv_470 | - | |
sonicwall | nsv_870 | - | |
sonicwall | tz270 | - | |
sonicwall | tz270w | - | |
sonicwall | tz370 | - | |
sonicwall | tz370w | - | |
sonicwall | tz470 | - | |
sonicwall | tz470w | - | |
sonicwall | tz570 | - | |
sonicwall | tz570p | - | |
sonicwall | tz570w | - | |
sonicwall | tz670 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8842B1FC-9CC4-4DB8-8119-B435CD33A5D1", "versionEndExcluding": "6.5.4.v-21s-rc2457", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE881F9C-CE9E-4D1B-92BA-D28B2B16178A", "versionEndExcluding": "7.0.1-5161", "vulnerable": true }, { "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "matchCriteriaId": "797C9FA3-70EF-492A-ACA3-CE21422D5AAA", "versionEndExcluding": "7.1.1-7058", "versionStartIncluding": "7.1.1-7040", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "A69E000B-5806-46FD-A233-4E2CC9DD38D2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C15FED5-C48C-47CF-9645-0563D77883C1", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*", "matchCriteriaId": "6739DEA3-06FF-4FEB-9931-0DB27F63B70E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D6CF3CF-256C-4C04-8BDF-B16398CD0459", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2ABC8D8-2943-4073-9568-E87961A18998", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F57D527-AA3F-45E9-9BCE-6F76691066B5", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5ECCCF0-A5D8-42A8-8EC1-D12B49B1124A", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307", "vulnerable": false }, { "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS)." }, { "lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en SonicOS IPSec VPN permite que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS)." } ], "id": "CVE-2024-40764", "lastModified": "2024-11-21T09:31:34.703", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-07-18T08:15:02.340", "references": [ { "source": "PSIRT@sonicwall.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012" } ], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "PSIRT@sonicwall.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }