Stack-based Buffer Overflow in SonicOS Firewall Affects SonicWall Products
CVE-2023-0656
Summary
A stack-based buffer overflow vulnerability in SonicOS can be exploited by remote unauthenticated attackers to initiate Denial of Service (DoS) attacks. Such attacks may lead to unexpected crashes of the firewall, compromising the integrity and availability of the network security environment. Organizations using affected SonicWall products should apply recommended patches to mitigate this risk.
Affected Version(s)
- SonicOS NSv 6.5.4.4-44v-21-1551 and earlier
- SonicOS NSsp 7.0.1-5083 and earlier
- SonicOS 7.0.1-5095 and earlier
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which could lead to ransomware.
News Articles
TT-CSIRT - 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 & CVE-2022-22274
TT-CSIRT - 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 and CVE-2022-22274 Severity: Critical Overview: SonicWall Firewalls CVE-2022-22274 and CVE-2023-0656 have...
1 year ago
More than 178,000 SonicWall firewalls vulnerable to simple DoS attack
More than 178,000 SonicWall firewalls are vulnerable to Denial of Service (DoS) and Remote Code Execution (RCE) attacks due to two vulnerabilities. The
1 year ago
178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks
Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion.
1 year ago
Timeline
- First article discovered by Bleeping Computer
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved