- 59/2023
- High
SonicWall has released security updates to address vulnerabilities in SonicOS which runs on SonicWall firewalls and provides the web management interface for configurations.
The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack or bypass security restrictions on the affected products.
Sample of the addressed vulnerabilities:
SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2023-0656):
• CVSS: 7.5
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Denial of Service
Sample of the affected products:
• SonicWall NSsp Firewall NSsp 15700, version 7.0.1-5083 and earlier.
• SonicWall FireWalls NSv 10, NSv 25, NSv 50, Nsv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600, version 6.5.4.4-44v-21-1551 and earlier.
• SonicWall Gen6 Firewalls NSv 10, NSv 25, NSv 50, Nsv 100, NSv 200, NSv, 300, NSv 400, NSv 800, NSv 1600, version 6.5.4.11-97n, 6.5.4.4-44v-21-1551 and earlier.
Vulnerabilities
- CVE-2023-0656
- CVE-2023-1101
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.