Vulnerabilites related to sonicwall - sm9800
Vulnerability from fkie_nvd
Published
2023-03-02 22:15
Modified
2024-11-21 07:38
Severity ?
Summary
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "680A1C61-AA45-4CA1-88F6-95EC0A275E41", versionEndExcluding: "7.0.1-5111", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*", matchCriteriaId: "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*", matchCriteriaId: "A69E000B-5806-46FD-A233-4E2CC9DD38D2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*", matchCriteriaId: "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*", matchCriteriaId: "4C15FED5-C48C-47CF-9645-0563D77883C1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*", matchCriteriaId: "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*", matchCriteriaId: "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*", matchCriteriaId: "6739DEA3-06FF-4FEB-9931-0DB27F63B70E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*", matchCriteriaId: "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*", matchCriteriaId: "F2ABC8D8-2943-4073-9568-E87961A18998", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*", matchCriteriaId: "9F57D527-AA3F-45E9-9BCE-6F76691066B5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*", matchCriteriaId: "F5ECCCF0-A5D8-42A8-8EC1-D12B49B1124A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "C61C96E2-0679-4555-A5D6-75E1BE44CB1F", versionEndIncluding: "7.0.1-5083", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:*", matchCriteriaId: "7D6CF3CF-256C-4C04-8BDF-B16398CD0459", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "715F6C7A-0A62-4261-8DD1-17F34AD5F710", versionEndIncluding: "6.5.4.4-44v-21-1551", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv_10:-:*:*:*:*:*:*:*", matchCriteriaId: "75912A50-E148-43C9-9335-BE19977F8A70", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_100:-:*:*:*:*:*:*:*", matchCriteriaId: "12CF8746-84DF-4FB6-B5B7-AAED39E7FA6C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_1600:-:*:*:*:*:*:*:*", matchCriteriaId: "3ED84FC8-3E4E-4D29-B725-57AE7EEEC6DA", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_200:-:*:*:*:*:*:*:*", matchCriteriaId: "AC0B21B1-ABA5-49E2-9B43-E85B9B447F45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_25:-:*:*:*:*:*:*:*", matchCriteriaId: "731B4849-2F0B-4625-B768-2287964ECDAF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0BC92834-A624-49D8-BF14-9F545C63EB0B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_400:-:*:*:*:*:*:*:*", matchCriteriaId: "18066544-CD00-41A5-9392-6023020853D4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_50:-:*:*:*:*:*:*:*", matchCriteriaId: "6A644965-B1B8-4581-BCAC-8D6BCC961A03", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv_800:-:*:*:*:*:*:*:*", matchCriteriaId: "30061761-D324-43DD-B43D-F2DFEF987364", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "24C1B08A-B303-44F3-9285-1539588476BD", versionEndIncluding: "6.5.4.11-97n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "60219D0D-240E-4C5E-ADEE-0144DB076F28", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "260EAE19-8320-4616-8833-B214D41FA98E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "94F17A77-EB74-4815-A026-6116755EFB37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp12400:-:*:*:*:*:*:*:*", matchCriteriaId: "DD310CFE-1171-471A-8B29-A8974F06FF5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp12800:-:*:*:*:*:*:*:*", matchCriteriaId: "462177B2-E0EC-494A-93A8-9582DCECC368", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm10200:-:*:*:*:*:*:*:*", matchCriteriaId: "D96A9430-B9FC-48FE-8507-E7694F80EF5B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm10400:-:*:*:*:*:*:*:*", matchCriteriaId: "A515B0BE-3655-48A1-B113-9A4E39A40CE9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm10800:-:*:*:*:*:*:*:*", matchCriteriaId: "40C227CA-D865-47CC-AD4D-96ED19892BDA", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm9200:-:*:*:*:*:*:*:*", matchCriteriaId: "3547DE9C-A657-4AB6-AD00-5185BE7D227E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm9400:-:*:*:*:*:*:*:*", matchCriteriaId: "88DB2D0B-8199-4241-A826-4BD91AB5D4E4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm9600:-:*:*:*:*:*:*:*", matchCriteriaId: "7079B7DB-CBC1-4116-929B-956C361AF764", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*", matchCriteriaId: "FCBF16D6-4C60-440D-95AB-986ABC4F9100", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:*", matchCriteriaId: "09678BBE-7603-41D2-BF09-415CA33C7EFA", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:*", matchCriteriaId: "7003DBEF-CA74-4429-B567-5CFFB83762E6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:*", matchCriteriaId: "A8AC8EAE-99BE-4889-9978-5083F71D7178", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:*", matchCriteriaId: "479B1418-CA62-4B24-A5DB-21F488941754", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:*", matchCriteriaId: "D3E0AB47-5EE3-4F2F-B442-DA48C58C44D6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:*", matchCriteriaId: "D50B19A6-80C4-4FF7-9CD5-58938641D3DC", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:*", matchCriteriaId: "745643D6-9336-4FBE-9625-99599DFBB8A2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:*", matchCriteriaId: "C09B5BCD-C830-4C67-B966-1CA499F21D04", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:*", matchCriteriaId: "FA61303F-736E-411F-AEF3-6335C0795138", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:*", matchCriteriaId: "3506950B-2404-41D2-8EF3-1694777D9EEA", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:*", matchCriteriaId: "7B4C9916-AD16-4E31-90A6-2AD577EA9783", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.", }, ], id: "CVE-2023-1101", lastModified: "2024-11-21T07:38:27.710", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-02T22:15:09.560", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-307", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-307", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-23 07:15
Modified
2024-09-16 19:48
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Summary
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
References
▼ | URL | Tags | |
---|---|---|---|
PSIRT@sonicwall.com | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 | Vendor Advisory |
Impacted products
{ cisaActionDue: "2024-09-30", cisaExploitAdd: "2024-09-09", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "SonicWall SonicOS Improper Access Control Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "37E20C47-F8DA-4313-B9AD-C63CEA9D42C5", versionEndExcluding: "5.9.2.14-13o", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*", matchCriteriaId: "C6B6B3FD-428E-4D6C-8C45-172CF4FB430D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0B16D102-B2BA-4F94-A42F-B8EB2E697907", versionEndExcluding: "6.5.2.8-2n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*", matchCriteriaId: "F2F22AB1-044C-45F1-BD33-82BB46402363", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*", matchCriteriaId: "E62EAD79-2CD4-4479-B26A-A0C97B5B241A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*", matchCriteriaId: "FCBF16D6-4C60-440D-95AB-986ABC4F9100", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "CAFD6E22-8E19-4B5A-85DE-7850FE0AE7CF", versionEndExcluding: "6.5.4.15.116n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350w:-:*:*:*:*:*:*:*", matchCriteriaId: "FF991212-3F2C-4F54-B96C-C33F500DB77B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "34814AB8-5F1D-44B4-B53B-FC4FA794DDAA", versionEndIncluding: "7.0.1-5035", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*", matchCriteriaId: "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*", matchCriteriaId: "A69E000B-5806-46FD-A233-4E2CC9DD38D2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*", matchCriteriaId: "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*", matchCriteriaId: "4C15FED5-C48C-47CF-9645-0563D77883C1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*", matchCriteriaId: "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*", matchCriteriaId: "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*", matchCriteriaId: "6739DEA3-06FF-4FEB-9931-0DB27F63B70E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*", matchCriteriaId: "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administración de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones específicas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, así como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores.", }, ], id: "CVE-2024-40766", lastModified: "2024-09-16T19:48:30.827", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-08-23T07:15:03.643", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-1101
Vulnerability from cvelistv5
Published
2023-03-02 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:32:46.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "SonicOS 6.5.4.11-97n and earlier", }, { status: "affected", version: "SonicOS NSv 6.5.4.4-44v-21-1551 and earlier", }, { status: "affected", version: "SonicOS NSsp 7.0.1-5083 and earlier", }, { status: "affected", version: "SonicOS 7.0.1-5095 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "CWE-307: Improper Restriction of Excessive Authentication Attempts", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005", }, ], }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-1101", datePublished: "2023-03-02T00:00:00", dateReserved: "2023-02-28T00:00:00", dateUpdated: "2024-08-02T05:32:46.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40766
Vulnerability from cvelistv5
Published
2024-08-23 06:19
Modified
2024-09-09 16:20
Severity ?
EPSS score ?
Summary
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 | vendor-advisory |
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sonicos", vendor: "sonicwall", versions: [ { lessThanOrEqual: "5.9.2.14-12o", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "6.5.4.14-109n", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "7.0.1-5035", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40766", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-09T14:11:51.602153Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-09-09", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-09-09T16:20:22.681Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, timeline: [ { lang: "en", time: "2024-09-09T00:00:00+00:00", value: "CVE-2024-40766 added to CISA KEV", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", platforms: [ "Gen5", "Gen6", "Gen7", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "5.9.2.14-12o and older versions", }, { status: "affected", version: "6.5.4.14-109n and older versions", }, { status: "affected", version: "7.0.1-5035 and older versions", }, ], }, ], datePublic: "2024-08-23T06:13:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.", }, ], value: "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-23T06:19:07.229Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015", }, ], source: { advisory: "SNWLID-2024-0015", discovery: "INTERNAL", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2024-40766", datePublished: "2024-08-23T06:19:07.229Z", dateReserved: "2024-07-10T15:58:49.462Z", dateUpdated: "2024-09-09T16:20:22.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }