Stack-Based Buffer Overflow Vulnerability in SonicWall's SonicOS Firewall
CVE-2023-39280

6.5MEDIUM

Key Information:

Vendor: Sonicwall
Status: Sonicos
Vendor: CVE Published:; 17 October 2023

Summary

A stack-based buffer overflow vulnerability has been identified in SonicWall's SonicOS affecting the ssoStats-s.xml and ssoStats-s.wri URL endpoints. Exploitation of this vulnerability can lead to unintended consequences, including the potential crashing of the firewall service, which may disrupt network operations. Users should be aware of this issue to ensure they are protected from possible exploitation.

Affected Version(s)

SonicOS 7.0.1-5119 and earlier versions

SonicOS 7.0.1-5129 and earlier versions

SonicOS 6.5.4.4-44v-21-2079 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Jul 27, 2023