Stack-Based Buffer Overflow Vulnerability in SonicWall Firewall
CVE-2023-41711

6.5MEDIUM

Key Information:

Vendor: Sonicwall
Status: Sonicos
Vendor: CVE Published:; 17 October 2023

Summary

The vulnerability in SonicOS is a stack-based buffer overflow found in the sonicwall.exp and prefs.exp URL endpoints. This issue occurs post-authentication and can lead to a complete crash of the firewall, potentially disrupting services and exposing the network to various security threats. It is essential for users to apply the recommended fixes as outlined in the vendor advisory to mitigate any risks associated with this vulnerability.

Affected Version(s)

SonicOS 7.0.1-5119 and earlier versions

SonicOS 7.0.1-5129 and earlier versions

SonicOS 6.5.4.4-44v-21-2079 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Aug 30, 2023