CVE-2023-0656 - Vulnerability Details

Description

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

Published: 2023-03-02

Score: 7.5 High

EPSS: 31.5% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SonicWall

SonicOS

affected

Version	Status	Constraints
`SonicOS NSv 6.5.4.4-44v-21-1551 and earlier`	affected	—
`SonicOS NSsp 7.0.1-5083 and earlier`	affected	—
`SonicOS 7.0.1-5095 and earlier`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:nsv_270:-:::::::*
	cpe:2.3:h:sonicwall:nsv_470:-:::::::*
	cpe:2.3:h:sonicwall:nsv_870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsv_10:-:::::::*
	cpe:2.3:h:sonicwall:nsv_100:-:::::::*
	cpe:2.3:h:sonicwall:nsv_1600:-:::::::*
	cpe:2.3:h:sonicwall:nsv_200:-:::::::*
	cpe:2.3:h:sonicwall:nsv_25:-:::::::*
	cpe:2.3:h:sonicwall:nsv_300:-:::::::*
	cpe:2.3:h:sonicwall:nsv_400:-:::::::*
	cpe:2.3:h:sonicwall:nsv_50:-:::::::*
	cpe:2.3:h:sonicwall:nsv_800:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.31485.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004

History

Fri, 07 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Sonicwall Nsa 2700 Nsa 3700 Nsa 4700 Nsa 5700 Nsa 6700 Nssp 10700 Nssp 11700 Nssp 13700 Nssp 15700 Nsv 10 Nsv 100 Nsv 1600 Nsv 200 Nsv 25 Nsv 270 Nsv 300 Nsv 400 Nsv 470 Nsv 50 Nsv 800 Nsv 870 Sonicos Tz270 Tz270w Tz370 Tz370w Tz470 Tz470w Tz570 Tz570p Tz570w Tz670

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2023-03-02T00:00:00.000Z

Updated: 2025-03-07T17:28:09.794Z

Reserved: 2023-02-02T00:00:00.000Z

Link: CVE-2023-0656

Vulnrichment

Updated: 2024-08-02T05:17:50.372Z

NVD

Status : Modified

Published: 2023-03-02T22:15:09.487

Modified: 2024-11-21T07:37:34.140

Link: CVE-2023-0656

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object