Lucene search

[email protected]CVE-2023-41715

HistoryOct 17, 2023 - 11:15 p.m.

CVE-2023-41715

2023-10-1723:15:12

CWE-269

[email protected]

web.nvd.nist.gov

sonicos

post-authentication

privilege management

vulnerability

ssl vpn tunnel

cve-2023-41715

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.

Affected configurations

NVD

Node

sonicwallsonicosRange<7.0.1-5145

AND

sonicwallnsa2700Match-

sonicwallnsa3700Match-

sonicwallnsa4700Match-

sonicwallnsa5700Match-

sonicwallnsa6700Match-

sonicwallnssp10700Match-

sonicwallnssp11700Match-

sonicwallnssp13700Match-

sonicwallnssp15700Match-

sonicwallnsv10Match-

sonicwallnsv100Match-

sonicwallnsv1600Match-

sonicwallnsv200Match-

sonicwallnsv25Match-

sonicwallnsv270Match-

sonicwallnsv300Match-

sonicwallnsv400Match-

sonicwallnsv470Match-

sonicwallnsv50Match-

sonicwallnsv800Match-

sonicwallnsv870Match-

sonicwalltz270Match-

sonicwalltz270wMatch-

sonicwalltz370Match-

sonicwalltz370wMatch-

sonicwalltz470Match-

sonicwalltz470wMatch-

sonicwalltz570Match-

sonicwalltz570pMatch-

sonicwalltz570wMatch-

sonicwalltz670Match-

Node

sonicwallsonicosRange<6.5.4.4-44v-21-2340

AND

sonicwallnsv10Match-

sonicwallnsv100Match-

sonicwallnsv1600Match-

sonicwallnsv200Match-

sonicwallnsv25Match-

sonicwallnsv270Match-

sonicwallnsv300Match-

sonicwallnsv400Match-

sonicwallnsv470Match-

sonicwallnsv50Match-

sonicwallnsv800Match-

sonicwallnsv870Match-

Node

sonicwallsonicosRange<6.5.4.13-105n

AND

sonicwallnsa_2600Match-

sonicwallnsa_2650Match-

sonicwallnsa_3600Match-

sonicwallnsa_3650Match-

sonicwallnsa_4600Match-

sonicwallnsa_4650Match-

sonicwallnsa_5600Match-

sonicwallnsa_5650Match-

sonicwallnsa_6600Match-

sonicwallnsa_6650Match-

sonicwallsm_9200Match-

sonicwallsm_9250Match-

sonicwallsm_9400Match-

sonicwallsm_9450Match-

sonicwallsm_9600Match-

sonicwallsm_9650Match-

sonicwallsoho_250Match-

sonicwallsoho_250wMatch-

sonicwallsohowMatch-

sonicwalltz_300Match-

sonicwalltz_300pMatch-

sonicwalltz_300wMatch-

sonicwalltz_350Match-

sonicwalltz_400Match-

sonicwalltz_400wMatch-

sonicwalltz_500Match-

sonicwalltz_500wMatch-

sonicwalltz_600Match-

sonicwalltz_600pMatch-

CPENameOperatorVersion
sonicwall:sonicossonicwall sonicoslt7.0.1-5145

CPE	Name	Operator	Version
sonicwall:sonicos	sonicwall sonicos	lt	7.0.1-5145

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "Management",
      "SSLVPN"
    ],
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1-5119 and earlier versions"
      },
      {
        "status": "affected",
        "version": "7.0.1-5129 and earlier versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.4-44v-21-2079 and earlier versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.12-101n and earlier versions"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

Related for CVE-2023-41715

cvelist1 prion1 nvd1 nessus1