Vulnerabilites related to sonicwall - sm_9650
cve-2023-39276
Vulnerability from cvelistv5
Published
2023-10-17 22:04
Modified
2024-09-13 16:04
Severity ?
EPSS score ?
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.830Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39276", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:04:23.771929Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:04:35.863Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:04:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n<br>", }, ], value: "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\n", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:04:34.956Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-39276", datePublished: "2023-10-17T22:04:34.956Z", dateReserved: "2023-07-27T00:07:04.124Z", dateUpdated: "2024-09-13T16:04:35.863Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39279
Vulnerability from cvelistv5
Published
2023-10-17 22:15
Modified
2024-09-13 16:00
Severity ?
EPSS score ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.813Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39279", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:00:24.050497Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:00:49.830Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:15:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.", }, ], value: "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:15:00.711Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-39279", datePublished: "2023-10-17T22:15:00.711Z", dateReserved: "2023-07-27T00:07:04.124Z", dateUpdated: "2024-09-13T16:00:49.830Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39278
Vulnerability from cvelistv5
Published
2023-10-17 22:12
Modified
2024-09-13 16:01
Severity ?
EPSS score ?
Summary
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39278", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:01:40.078298Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:01:51.265Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:12:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.<br><span style=\"background-color: rgb(255, 255, 255);\"><b></b></span>", }, ], value: "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\n", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:12:29.594Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-39278", datePublished: "2023-10-17T22:12:29.594Z", dateReserved: "2023-07-27T00:07:04.124Z", dateUpdated: "2024-09-13T16:01:51.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41715
Vulnerability from cvelistv5
Published
2023-10-17 22:33
Modified
2024-08-02 19:01
Severity ?
EPSS score ?
Summary
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:01:35.411Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:33:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.<br>", }, ], value: "SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.\n", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:33:57.440Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-41715", datePublished: "2023-10-17T22:33:57.440Z", dateReserved: "2023-08-30T17:07:28.452Z", dateUpdated: "2024-08-02T19:01:35.411Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39280
Vulnerability from cvelistv5
Published
2023-10-17 22:17
Modified
2024-09-13 15:59
Severity ?
EPSS score ?
Summary
SonicOS p
ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.718Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39280", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T15:59:13.568147Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T15:59:29.468Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:16:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "SonicOS p\n\n<span style=\"background-color: rgb(255, 255, 255);\">ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.</span>\n\n", }, ], value: "SonicOS p\n\nost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\n\n", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:17:36.308Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-39280", datePublished: "2023-10-17T22:17:36.308Z", dateReserved: "2023-07-27T00:07:04.125Z", dateUpdated: "2024-09-13T15:59:29.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41713
Vulnerability from cvelistv5
Published
2023-10-17 22:28
Modified
2024-09-13 19:32
Severity ?
EPSS score ?
Summary
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:01:35.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sonicos", vendor: "sonicwall", versions: [ { lessThan: "7.0.1-5119", status: "affected", version: "0", versionType: "custom", }, { lessThan: "7.0.1-5129", status: "affected", version: "0", versionType: "custom", }, { lessThan: "6.5.4.4-44v-21-2079", status: "affected", version: "0", versionType: "custom", }, { lessThan: "6.5.4.12-101n", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-41713", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T19:29:35.513087Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T19:32:58.092Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:28:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.", }, ], value: "SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-259", description: "CWE-259 Use of Hard-coded Password", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:28:50.229Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-41713", datePublished: "2023-10-17T22:28:50.229Z", dateReserved: "2023-08-30T17:07:28.452Z", dateUpdated: "2024-09-13T19:32:58.092Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41712
Vulnerability from cvelistv5
Published
2023-10-17 22:26
Modified
2024-09-13 15:36
Severity ?
EPSS score ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:01:35.451Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41712", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T15:36:06.568443Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T15:36:27.303Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:25:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.", }, ], value: "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:26:09.949Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-41712", datePublished: "2023-10-17T22:26:09.949Z", dateReserved: "2023-08-30T17:07:28.452Z", dateUpdated: "2024-09-13T15:36:27.303Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40766
Vulnerability from cvelistv5
Published
2024-08-23 06:19
Modified
2024-09-09 16:20
Severity ?
EPSS score ?
Summary
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 | vendor-advisory |
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sonicos", vendor: "sonicwall", versions: [ { lessThanOrEqual: "5.9.2.14-12o", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "6.5.4.14-109n", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "7.0.1-5035", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40766", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-09T14:11:51.602153Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-09-09", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-09-09T16:20:22.681Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, timeline: [ { lang: "en", time: "2024-09-09T00:00:00+00:00", value: "CVE-2024-40766 added to CISA KEV", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", platforms: [ "Gen5", "Gen6", "Gen7", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "5.9.2.14-12o and older versions", }, { status: "affected", version: "6.5.4.14-109n and older versions", }, { status: "affected", version: "7.0.1-5035 and older versions", }, ], }, ], datePublic: "2024-08-23T06:13:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.", }, ], value: "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-23T06:19:07.229Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015", }, ], source: { advisory: "SNWLID-2024-0015", discovery: "INTERNAL", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2024-40766", datePublished: "2024-08-23T06:19:07.229Z", dateReserved: "2024-07-10T15:58:49.462Z", dateUpdated: "2024-09-09T16:20:22.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39277
Vulnerability from cvelistv5
Published
2023-10-17 22:08
Modified
2024-09-13 16:03
Severity ?
EPSS score ?
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.752Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39277", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T16:02:52.041284Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T16:03:01.532Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:08:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">SonicOS post-authentication stack-based buffer overflow vulnerability </span><span style=\"background-color: rgb(255, 255, 255);\">in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.</span>", }, ], value: "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:08:55.318Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-39277", datePublished: "2023-10-17T22:08:55.318Z", dateReserved: "2023-07-27T00:07:04.124Z", dateUpdated: "2024-09-13T16:03:01.532Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-41711
Vulnerability from cvelistv5
Published
2023-10-17 22:20
Modified
2024-09-13 15:38
Severity ?
EPSS score ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
References
▼ | URL | Tags |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:01:35.448Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-41711", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T15:38:20.952791Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T15:38:30.661Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", modules: [ "Management", "SSLVPN", ], product: "SonicOS", vendor: "SonicWall", versions: [ { status: "affected", version: "7.0.1-5119 and earlier versions", }, { status: "affected", version: "7.0.1-5129 and earlier versions", }, { status: "affected", version: "6.5.4.4-44v-21-2079 and earlier versions", }, { status: "affected", version: "6.5.4.12-101n and earlier versions", }, ], }, ], datePublic: "2023-10-17T22:20:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.", }, ], value: "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T22:20:36.619Z", orgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", shortName: "sonicwall", }, references: [ { tags: [ "vendor-advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "44b2ff79-1416-4492-88bb-ed0da00c7315", assignerShortName: "sonicwall", cveId: "CVE-2023-41711", datePublished: "2023-10-17T22:20:36.619Z", dateReserved: "2023-08-30T17:07:28.451Z", dateUpdated: "2024-09-13T15:38:30.661Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS p
ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SonicOS p\n\nost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\n\n", }, { lang: "es", value: "La vulnerabilidad de desbordamiento del búfer posterior a la autenticación de SonicOS en los endpoints de URL ssoStats-s.xml y ssoStats-s.wri provoca una falla del firewall.", }, ], id: "CVE-2023-39280", lastModified: "2024-11-21T08:15:03.223", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:11.853", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.", }, { lang: "es", value: "La vulnerabilidad de desbordamiento del búfer posterior a la autenticación de SonicOS en el extremo URL de SSL VPN plainprefs.exp provoca una falla del firewall.", }, ], id: "CVE-2023-41712", lastModified: "2024-11-21T08:21:31.643", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:12.093", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.", }, { lang: "es", value: "La vulnerabilidad de desbordamiento del búfer posterior a la autenticación de SonicOS en los endpoint de URL sonicwall.exp, prefs.exp provoca una falla del firewall.", }, ], id: "CVE-2023-41711", lastModified: "2024-11-21T08:21:31.477", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:12.027", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\n", }, { lang: "es", value: "La falla de aserción del usuario posterior a la autenticación de SonicOS conduce a una vulnerabilidad de desbordamiento del búfer a través de main.cgi que provoca una falla del firewall.", }, ], id: "CVE-2023-39278", lastModified: "2024-11-21T08:15:02.913", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:11.727", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\n", }, { lang: "es", value: "La vulnerabilidad de desbordamiento del búfer de autenticación posterior de SonicOS en el endpoint de la URL getBookmarkList.json provoca una falla del firewall.", }, ], id: "CVE-2023-39276", lastModified: "2024-11-21T08:15:02.593", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:11.573", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.", }, { lang: "es", value: "SonicOS utiliza la vulnerabilidad de contraseña codificada en la función de demostración 'dynHandleBuyToolbar'.", }, ], id: "CVE-2023-41713", lastModified: "2024-11-21T08:21:31.807", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:12.160", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-259", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.", }, { lang: "es", value: "La vulnerabilidad de desbordamiento del búfer de autenticación posterior de SonicOS en los endpoints de URL sonicflow.csv y appflowsessions.csv provoca una falla del firewall.", }, ], id: "CVE-2023-39277", lastModified: "2024-11-21T08:15:02.753", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:11.660", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:21
Severity ?
Summary
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.\n", }, { lang: "es", value: "La vulnerabilidad de administración de privilegios inadecuada posterior a la autenticación de SonicOS en el túnel VPN SSL de SonicOS permite a los usuarios elevar sus privilegios dentro del túnel.", }, ], id: "CVE-2023-41715", lastModified: "2024-11-21T08:21:31.977", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:12.227", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-23 07:15
Modified
2024-09-16 19:48
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Summary
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
References
▼ | URL | Tags | |
---|---|---|---|
PSIRT@sonicwall.com | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015 | Vendor Advisory |
Impacted products
{ cisaActionDue: "2024-09-30", cisaExploitAdd: "2024-09-09", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "SonicWall SonicOS Improper Access Control Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "37E20C47-F8DA-4313-B9AD-C63CEA9D42C5", versionEndExcluding: "5.9.2.14-13o", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:soho:-:*:*:*:*:*:*:*", matchCriteriaId: "C6B6B3FD-428E-4D6C-8C45-172CF4FB430D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0B16D102-B2BA-4F94-A42F-B8EB2E697907", versionEndExcluding: "6.5.2.8-2n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nssp_12400:-:*:*:*:*:*:*:*", matchCriteriaId: "F2F22AB1-044C-45F1-BD33-82BB46402363", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_12800:-:*:*:*:*:*:*:*", matchCriteriaId: "E62EAD79-2CD4-4479-B26A-A0C97B5B241A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*", matchCriteriaId: "FCBF16D6-4C60-440D-95AB-986ABC4F9100", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "CAFD6E22-8E19-4B5A-85DE-7850FE0AE7CF", versionEndExcluding: "6.5.4.15.116n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350w:-:*:*:*:*:*:*:*", matchCriteriaId: "FF991212-3F2C-4F54-B96C-C33F500DB77B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "34814AB8-5F1D-44B4-B53B-FC4FA794DDAA", versionEndIncluding: "7.0.1-5035", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*", matchCriteriaId: "8D8B0C7A-FD65-47CA-A625-150A90EFA7A1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*", matchCriteriaId: "A69E000B-5806-46FD-A233-4E2CC9DD38D2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*", matchCriteriaId: "8DF4A322-7CC7-4AB9-B10E-FFF34DF2182D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*", matchCriteriaId: "4C15FED5-C48C-47CF-9645-0563D77883C1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*", matchCriteriaId: "A884B1BB-F201-4C77-9F6E-B8A884DCD4C2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*", matchCriteriaId: "7C3BA5A3-1160-4793-A8D6-40B9D264BCC4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*", matchCriteriaId: "6739DEA3-06FF-4FEB-9931-0DB27F63B70E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*", matchCriteriaId: "0250EDF9-0AEF-4711-8EF6-D447CF48BCAF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad de control de acceso inadecuado en el acceso de administración de SonicWall SonicOS, que potencialmente conduce a un acceso no autorizado a recursos y, en condiciones específicas, provoca que el firewall falle. Este problema afecta a los dispositivos SonicWall Firewall Gen 5 y Gen 6, así como a los dispositivos Gen 7 que ejecutan SonicOS 7.0.1-5035 y versiones anteriores.", }, ], id: "CVE-2024-40766", lastModified: "2024-09-16T19:48:30.827", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-08-23T07:15:03.643", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-17 23:15
Modified
2024-11-21 08:15
Severity ?
Summary
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "2C7049FD-8088-4FCE-886A-F4CF5E287D1C", versionEndExcluding: "7.0.1-5145", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*", matchCriteriaId: "7BC4F132-D29A-4974-86DA-6E35AB05327C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*", matchCriteriaId: "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*", matchCriteriaId: "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*", matchCriteriaId: "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*", matchCriteriaId: "15F2741F-3C32-4075-A224-BE272B50E3D9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*", matchCriteriaId: "AC883B32-987C-4D34-8BBF-39E2C57A62EE", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*", matchCriteriaId: "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B4A33E-8456-451E-AAF4-7F48BEDACF45", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*", matchCriteriaId: "70340DD4-687B-402C-85AF-C2B80D0F1600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*", matchCriteriaId: "52847BA2-470B-4078-A79B-52095DB9214B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*", matchCriteriaId: "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBDD10C-F89D-4051-BC70-67B41167FF9B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*", matchCriteriaId: "6C23940E-2F9D-447B-A740-42035ED5D400", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*", matchCriteriaId: "90C790AD-C40E-4527-8F83-D278282A9600", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*", matchCriteriaId: "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*", matchCriteriaId: "352DFCF9-E333-41C0-8033-91265768FD8E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*", matchCriteriaId: "4C882C38-9DA5-4C03-BB23-AB2B448E3307", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*", matchCriteriaId: "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B91638E-FB80-4C65-8A37-827488CB3E2C", versionEndExcluding: "6.5.4.4-44v-21-2340", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*", matchCriteriaId: "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*", matchCriteriaId: "93914C8C-69ED-480C-80F2-4334C00788D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*", matchCriteriaId: "FE26ECE3-9E17-456F-A416-E23A758C9E4C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*", matchCriteriaId: "67EEA85D-8F9E-4E41-B8B3-119738375A84", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*", matchCriteriaId: "DACDCE12-74C2-4F3C-8421-9191700514C5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D33997-0D65-464E-8AA5-043499C667D1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*", matchCriteriaId: "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*", matchCriteriaId: "3AF1ECB1-6257-41E3-A050-6467063F4807", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*", matchCriteriaId: "BA838CC7-083A-4BF1-9C95-BED6F5A2992C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*", matchCriteriaId: "D0171D69-14A6-4AB0-8377-C233F5E192D8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*", matchCriteriaId: "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D74A465-1A72-4A02-8A54-FD502BD28119", versionEndExcluding: "6.5.4.13-105n", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*", matchCriteriaId: "F86D13F9-D41E-4230-9116-A781FFAEF00D", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "8A24BCC0-CE41-49AF-B03D-D4FCB422503B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "043858A6-26AC-4EB0-A240-A43AD08C6AD5", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*", matchCriteriaId: "8FD73880-DC60-467F-99B6-69807D58A840", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*", matchCriteriaId: "73BB9452-A014-4A68-9662-63E6C60EEAD2", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*", matchCriteriaId: "B0CF683A-7E83-464B-8A0D-4CC641377FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*", matchCriteriaId: "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*", matchCriteriaId: "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*", matchCriteriaId: "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "FEF2B435-957C-4BBE-937D-23E4F33189EF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*", matchCriteriaId: "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*", matchCriteriaId: "B485C543-DFCF-4481-92B4-F7198EE4FBD1", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*", matchCriteriaId: "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*", matchCriteriaId: "F030C5AB-36CA-445E-AC87-8DEE18DBB40E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*", matchCriteriaId: "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*", matchCriteriaId: "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8F3935-89B4-4091-9B8C-442C02FD4F3A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*", matchCriteriaId: "7268E89B-FF46-45AD-82FF-333505EF957B", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*", matchCriteriaId: "0804FADE-57F7-452F-86B3-079701059D37", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*", matchCriteriaId: "9956F726-6D62-4616-B60A-4D3DD6F32105", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*", matchCriteriaId: "29F4D403-F20A-4802-AAE9-9582486EB436", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*", matchCriteriaId: "675F28A7-0BB3-4CDA-855E-7EFC650B512E", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*", matchCriteriaId: "5983C650-84F6-4B2E-A27E-9E83EA1DDC02", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*", matchCriteriaId: "BDD4B412-7967-477F-929E-8F12A39186FF", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*", matchCriteriaId: "A1D996FA-52D1-47C2-87E6-682EEC9CA532", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*", matchCriteriaId: "B9DEF6EE-000D-407D-AA2B-E039BA306A2A", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0", vulnerable: false, }, { criteria: "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*", matchCriteriaId: "DCB8CDE6-8052-40F7-950F-05329499A58A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.", }, { lang: "es", value: "La vulnerabilidad de desbordamiento del búfer basado posterior a la autenticación de SonicOS en el endpoint de URL getPacketReplayData.json provoca una falla del firewall.", }, ], id: "CVE-2023-39279", lastModified: "2024-11-21T08:15:03.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-17T23:15:11.790", references: [ { source: "PSIRT@sonicwall.com", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012", }, ], sourceIdentifier: "PSIRT@sonicwall.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "PSIRT@sonicwall.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }