CVE-2023-0656
Key Information:
- Vendor
- SonicWall
- Status
- SonicOS
- Vendor
- CVE Published:
- 2 March 2023
Badges
Summary
A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.
Affected Version(s)
SonicOS SonicOS NSv 6.5.4.4-44v-21-1551 and earlier
SonicOS SonicOS NSsp 7.0.1-5083 and earlier
SonicOS SonicOS 7.0.1-5095 and earlier
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
TT-CSIRT: Trinidad and Tobago Cyber Security Incident Response TeamCVE-2023-0656TT-CSIRT β 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 & CVE-2022-22274
TT-CSIRT β 424 17.01.24: Patch SonicWall Firewall Still Vulnerable to CVE-2023-0656 and CVE-2022-22274 Severity: Critical Overview: SonicWall Firewalls CVE-2022-22274 and CVE-2023-0656 have...
1 year ago
Techzine EuropeCVE-2023-0656More than 178,000 SonicWall firewalls vulnerable to simple DoS attack
More than 178,000 SonicWall firewalls are vulnerable to Denial of Service (DoS) and Remote Code Execution (RCE) attacks due to two vulnerabilities. The
1 year ago
178K+ SonicWall Firewalls Vulnerable to DoS, RCE Attacks
Two flaws discovered a year apart are ostensibly the same with slightly different exploit paths, exposing corporate networks to risk and potential intrusion.
1 year ago
References
CVSS V3.1
Timeline
- π°
First article discovered by Bleeping Computer
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved