Lucene search

[email protected]CVE-2023-39280

HistoryOct 17, 2023 - 11:15 p.m.

CVE-2023-39280

2023-10-1723:15:11

CWE-121

CWE-787

[email protected]

web.nvd.nist.gov

sonicos

post-authentication

buffer overflow

ssostats-s.xml

ssostats-s.wri

firewall crash

cve-2023-39280

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

SonicOS p

ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.

Affected configurations

NVD

Node

sonicwallsonicosRange<7.0.1-5145

AND

sonicwallnsa2700Match-

sonicwallnsa3700Match-

sonicwallnsa4700Match-

sonicwallnsa5700Match-

sonicwallnsa6700Match-

sonicwallnssp10700Match-

sonicwallnssp11700Match-

sonicwallnssp13700Match-

sonicwallnssp15700Match-

sonicwallnsv10Match-

sonicwallnsv100Match-

sonicwallnsv1600Match-

sonicwallnsv200Match-

sonicwallnsv25Match-

sonicwallnsv270Match-

sonicwallnsv300Match-

sonicwallnsv400Match-

sonicwallnsv470Match-

sonicwallnsv50Match-

sonicwallnsv800Match-

sonicwallnsv870Match-

sonicwalltz270Match-

sonicwalltz270wMatch-

sonicwalltz370Match-

sonicwalltz370wMatch-

sonicwalltz470Match-

sonicwalltz470wMatch-

sonicwalltz570Match-

sonicwalltz570pMatch-

sonicwalltz570wMatch-

sonicwalltz670Match-

Node

sonicwallnsv10Match-

sonicwallnsv100Match-

sonicwallnsv1600Match-

sonicwallnsv200Match-

sonicwallnsv25Match-

sonicwallnsv270Match-

sonicwallnsv300Match-

sonicwallnsv400Match-

sonicwallnsv470Match-

sonicwallnsv50Match-

sonicwallnsv800Match-

sonicwallnsv870Match-

AND

sonicwallsonicosRange<6.5.4.4-44v-21-2340

Node

sonicwallnsa_2600Match-

sonicwallnsa_2650Match-

sonicwallnsa_3600Match-

sonicwallnsa_3650Match-

sonicwallnsa_4600Match-

sonicwallnsa_4650Match-

sonicwallnsa_5600Match-

sonicwallnsa_5650Match-

sonicwallnsa_6600Match-

sonicwallnsa_6650Match-

sonicwallsm_9200Match-

sonicwallsm_9250Match-

sonicwallsm_9400Match-

sonicwallsm_9450Match-

sonicwallsm_9600Match-

sonicwallsm_9650Match-

sonicwallsoho_250Match-

sonicwallsoho_250wMatch-

sonicwallsohowMatch-

sonicwalltz_300Match-

sonicwalltz_300pMatch-

sonicwalltz_300wMatch-

sonicwalltz_350Match-

sonicwalltz_400Match-

sonicwalltz_400wMatch-

sonicwalltz_500Match-

sonicwalltz_500wMatch-

sonicwalltz_600Match-

sonicwalltz_600pMatch-

AND

sonicwallsonicosRange<6.5.4.13-105n

CPENameOperatorVersion
sonicwall:sonicossonicwall sonicoslt7.0.1-5145

CPE	Name	Operator	Version
sonicwall:sonicos	sonicwall sonicos	lt	7.0.1-5145

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "Management",
      "SSLVPN"
    ],
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1-5119 and earlier versions"
      },
      {
        "status": "affected",
        "version": "7.0.1-5129 and earlier versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.4-44v-21-2079 and earlier versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.12-101n and earlier versions"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-39280

nvd1 prion1 cvelist1 nessus1