Multiple vulnerabilities in SonicWall SonicOS



Published: 2023-10-16
Risk: Medium
Patch available: YES
Number of vulnerabilities: 9
CVE-ID: CVE-2023-39276, CVE-2023-39277, CVE-2023-39278, CVE-2023-39279, CVE-2023-39280, CVE-2023-41711, CVE-2023-41712, CVE-2023-41713, CVE-2023-41715
CWE-ID: CWE-121, CWE-617, CWE-259, CWE-269
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: SonicOS (Operating systems & Components / Operating system)

Vendor

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU82055

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39276

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the getBookmarkList.json endpoint. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU82056

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39277

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the sonicflow.csv and appflowsessions.csv endpoints. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Reachable Assertion

EUVDB-ID: #VU82057

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39278

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the main.cgi script. A remote authenticated user can send a specially crafted HTTP request to the affected URL and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU82058

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39279

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the getPacketReplayData.json URL endpoint. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU82059

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39280

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the ssoStats-s.xml and ssoStats-s.wri endpoints. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU82060

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41711

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the sonicwall.exp and prefs.exp endpoints. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stack-based buffer overflow

EUVDB-ID: #VU82061

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41712

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SSL VPN's plainprefs.exp URL endpoint. A remote authenticated user can send a specially crafted HTTP request to the affected URL, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use of Hard-coded Password

EUVDB-ID: #VU82062

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41713

CWE-ID: CWE-259 - Use of Hard-coded Password

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the use of a hard-coded password in the "dynHandleBuyToolbar" demo function. A remote attacker can gain access to sensitive information on the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Privilege Management

EUVDB-ID: #VU82063

Risk: Medium

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41715

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges within the tunnel.

The vulnerability exists due to improper privilege management in the SonicOS SSL VPN Tunnel. A remote authenticated user can gain elevated privileges inside the tunnel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SonicOS: before 7.0.1-5145

External links

http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


