SonicWall SonicOS Hard-coded Password Vulnerability in Demo Function
CVE-2023-41713

7.5HIGH

Key Information:

Vendor: Sonicwall
Status: Sonicos
Vendor: CVE Published:; 17 October 2023

Summary

A security issue has been identified in SonicWall's SonicOS where a hard-coded password is utilized in the 'dynHandleBuyToolbar' demo function. This vulnerability can potentially allow unauthorized access, compromising the security measures intended to protect users and their data. Organizations using affected versions are strongly advised to apply the latest security updates to mitigate associated risks.

Affected Version(s)

SonicOS 7.0.1-5119 and earlier versions

SonicOS 7.0.1-5129 and earlier versions

SonicOS 6.5.4.4-44v-21-2079 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Aug 30, 2023