Lucene search

[email protected]CVE-2023-39277

HistoryOct 17, 2023 - 11:15 p.m.

CVE-2023-39277

2023-10-1723:15:11

CWE-787

CWE-121

[email protected]

web.nvd.nist.gov

cve-2023-39277

sonicos

post-authentication

stack-based buffer overflow

url endpoints

firewall crash

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

Affected configurations

NVD

Node

sonicwallsonicosRange<7.0.1-5145

AND

sonicwallnsa2700Match-

sonicwallnsa3700Match-

sonicwallnsa4700Match-

sonicwallnsa5700Match-

sonicwallnsa6700Match-

sonicwallnssp10700Match-

sonicwallnssp11700Match-

sonicwallnssp13700Match-

sonicwallnssp15700Match-

sonicwallnsv10Match-

sonicwallnsv100Match-

sonicwallnsv1600Match-

sonicwallnsv200Match-

sonicwallnsv25Match-

sonicwallnsv270Match-

sonicwallnsv300Match-

sonicwallnsv400Match-

sonicwallnsv470Match-

sonicwallnsv50Match-

sonicwallnsv800Match-

sonicwallnsv870Match-

sonicwalltz270Match-

sonicwalltz270wMatch-

sonicwalltz370Match-

sonicwalltz370wMatch-

sonicwalltz470Match-

sonicwalltz470wMatch-

sonicwalltz570Match-

sonicwalltz570pMatch-

sonicwalltz570wMatch-

sonicwalltz670Match-

Node

sonicwallsonicosRange<6.5.4.4-44v-21-2340

AND

sonicwallnsv10Match-

sonicwallnsv100Match-

sonicwallnsv1600Match-

sonicwallnsv200Match-

sonicwallnsv25Match-

sonicwallnsv270Match-

sonicwallnsv300Match-

sonicwallnsv400Match-

sonicwallnsv470Match-

sonicwallnsv50Match-

sonicwallnsv800Match-

sonicwallnsv870Match-

Node

sonicwallsonicosRange<6.5.4.13-105n

AND

sonicwallnsa_2600Match-

sonicwallnsa_2650Match-

sonicwallnsa_3600Match-

sonicwallnsa_3650Match-

sonicwallnsa_4600Match-

sonicwallnsa_4650Match-

sonicwallnsa_5600Match-

sonicwallnsa_5650Match-

sonicwallnsa_6600Match-

sonicwallnsa_6650Match-

sonicwallsm_9200Match-

sonicwallsm_9250Match-

sonicwallsm_9400Match-

sonicwallsm_9450Match-

sonicwallsm_9600Match-

sonicwallsm_9650Match-

sonicwallsoho_250Match-

sonicwallsoho_250wMatch-

sonicwallsohowMatch-

sonicwalltz_300Match-

sonicwalltz_300pMatch-

sonicwalltz_300wMatch-

sonicwalltz_350Match-

sonicwalltz_400Match-

sonicwalltz_400wMatch-

sonicwalltz_500Match-

sonicwalltz_500wMatch-

sonicwalltz_600Match-

sonicwalltz_600pMatch-

CPENameOperatorVersion
sonicwall:sonicossonicwall sonicoslt7.0.1-5145

CPE	Name	Operator	Version
sonicwall:sonicos	sonicwall sonicos	lt	7.0.1-5145

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "Management",
      "SSLVPN"
    ],
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1-5119 and earlier versions"
      },
      {
        "status": "affected",
        "version": "7.0.1-5129 and earlier versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.4-44v-21-2079 and earlier versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.12-101n and earlier versions"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-39277

nvd1 cvelist1 prion1 nessus1