CVE-2023-41711
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 7.0.1-5145 |
| Running on/with | Platform Versions |
|---|---|
Sonicwall Nsa2700 | All versions |
Sonicwall Nsa3700 | All versions |
Sonicwall Nsa4700 | All versions |
Sonicwall Nsa5700 | All versions |
Sonicwall Nsa6700 | All versions |
Sonicwall Nssp10700 | All versions |
Sonicwall Nssp11700 | All versions |
Sonicwall Nssp13700 | All versions |
Sonicwall Nssp15700 | All versions |
Sonicwall Tz270 | All versions |
Sonicwall Tz270w | All versions |
Sonicwall Tz370 | All versions |
Sonicwall Tz370w | All versions |
Sonicwall Tz470 | All versions |
Sonicwall Tz470w | All versions |
Sonicwall Tz570 | All versions |
Sonicwall Tz570p | All versions |
Sonicwall Tz570w | All versions |
Sonicwall Tz670 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.5.4.4-44v-21-2340 |
| Running on/with | Platform Versions |
|---|---|
Sonicwall Nsv10 | All versions |
Sonicwall Nsv100 | All versions |
Sonicwall Nsv1600 | All versions |
Sonicwall Nsv200 | All versions |
Sonicwall Nsv25 | All versions |
Sonicwall Nsv270 | All versions |
Sonicwall Nsv300 | All versions |
Sonicwall Nsv400 | All versions |
Sonicwall Nsv470 | All versions |
Sonicwall Nsv50 | All versions |
Sonicwall Nsv800 | All versions |
Sonicwall Nsv870 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.5.4.13-105n |
| Running on/with | Platform Versions |
|---|---|
Sonicwall Nsa 2600 | All versions |
Sonicwall Nsa 2650 | All versions |
Sonicwall Nsa 3600 | All versions |
Sonicwall Nsa 3650 | All versions |
Sonicwall Nsa 4600 | All versions |
Sonicwall Nsa 4650 | All versions |
Sonicwall Nsa 5600 | All versions |
Sonicwall Nsa 5650 | All versions |
Sonicwall Nsa 6600 | All versions |
Sonicwall Nsa 6650 | All versions |
Sonicwall Sm 9200 | All versions |
Sonicwall Sm 9250 | All versions |
Sonicwall Sm 9400 | All versions |
Sonicwall Sm 9450 | All versions |
Sonicwall Sm 9600 | All versions |
Sonicwall Sm 9650 | All versions |
Sonicwall Soho 250 | All versions |
Sonicwall Soho 250w | All versions |
Sonicwall Sohow | All versions |
Sonicwall Tz 300 | All versions |
Sonicwall Tz 300p | All versions |
Sonicwall Tz 300w | All versions |
Sonicwall Tz 350 | All versions |
Sonicwall Tz 400 | All versions |
Sonicwall Tz 400w | All versions |
Sonicwall Tz 500 | All versions |
Sonicwall Tz 500w | All versions |
Sonicwall Tz 600 | All versions |
Sonicwall Tz 600p | All versions |
Related CWEs
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (2)
Source: PSIRT@sonicwall.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.