SB2023101650 - Multiple vulnerabilities in SonicWall SonicOS

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2023-39276)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the getBookmarkList.json endpoint. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

2) Stack-based buffer overflow (CVE-ID: CVE-2023-39277)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the sonicflow.csv and appflowsessions.csv endpoints. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

3) Reachable Assertion (CVE-ID: CVE-2023-39278)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the main.cgi script. A remote authenticated user can send a specially crafted HTTP request to the affected URL and perform a denial of service (DoS) attack.

4) Stack-based buffer overflow (CVE-ID: CVE-2023-39279)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the getPacketReplayData.json URL endpoint. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

5) Stack-based buffer overflow (CVE-ID: CVE-2023-39280)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the ssoStats-s.xml and ssoStats-s.wri endpoints. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

6) Stack-based buffer overflow (CVE-ID: CVE-2023-41711)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the sonicwall.exp and prefs.exp endpoints. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

7) Stack-based buffer overflow (CVE-ID: CVE-2023-41712)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SSL VPN's plainprefs.exp URL endpoint. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

8) Use of Hard-coded Password (CVE-ID: CVE-2023-41713)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of hard-coded password in "dynHandleBuyToolbar" demo function. A remote attacker can gain access to sensitive information on the device.

9) Improper Privilege Management (CVE-ID: CVE-2023-41715)

The vulnerability allows a remote user to escalate privileges within the tunnel.

The vulnerability exists due to improper privilege management in the SonicOS SSL VPN Tunnel. A remote authenticated user can gain elevated privileges inside the tunnel.

Remediation

Install update from vendor's website.

References

• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012