- 264/2023
- High
SonicWall has released security updates to fix multiple vulnerabilities in The SonicOS Management web interface and SSLVPN portal.
The addressed vulnerabilities could allow the attacker to gain privilege, perform a denial of service attack, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. SonicWall SonicOS Denial of Service Vulnerability (CVE-2023-39276):
- CVSS: 7.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
2. SonicWall SonicOS Privilege Escalation Vulnerability (CVE-2023-41715):
- CVSS: 6.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2023-39276
- CVE-2023-39277
- CVE-2023-39278
- CVE-2023-39279
- CVE-2023-39280
- CVE-2023-41711
- CVE-2023-41712
- CVE-2023-41713
- CVE-2023-41715
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.