CVE-2023-0656
Key Information
- Vendor: SonicWall
- Status
- SonicOS
- Vendor
- CVE Published: 2 March 2023
Summary
A stack-based buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause a Denial of Service (DoS), which could cause an impacted firewall to crash.
Affected Version(s)
SonicOS = SonicOS NSv 6.5.4.4-44v-21-1551 and earlier
SonicOS = SonicOS NSsp 7.0.1-5083 and earlier
SonicOS = SonicOS 7.0.1-5095 and earlier
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
TT-CSIRT – 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 & CVE-2022-22274
TT-CSIRT – 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 and CVE-2022-22274 Severity: Critical Overview: SonicWall Firewalls CVE-2022-22274 and CVE-2023-0656 have...
9 months ago
More than 178,000 SonicWall firewalls vulnerable to simple DoS attack
More than 178,000 SonicWall firewalls are vulnerable to Denial of Service (DoS) and Remote Code Execution (RCE) attacks due to two vulnerabilities. The
9 months ago
178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks
Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion.
9 months ago
CVSS V3.1
Timeline
- 👾 Exploit exists.
- First article discovered by Bleeping Computer
- Vulnerability published.
- Vulnerability reserved.