CVE-2023-1101 - Vulnerability Details

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00317.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Sonicwall	Nsa 2600 Nsa 2650 Nsa 2700 Nsa 3600 Nsa 3650 Nsa 3700 Nsa 4600 Nsa 4650 Nsa 4700 Nsa 5600 Nsa 5650 Nsa 5700 Nsa 6600 Nsa 6650 Nsa 6700 Nsa 9250 Nsa 9450 Nsa 9650 Nssp12400 Nssp12800 Nssp 10700 Nssp 11700 Nssp 13700 Nssp 15700 Nsv 10 Nsv 100 Nsv 1600 Nsv 200 Nsv 25 Nsv 270 Nsv 300 Nsv 400 Nsv 470 Nsv 50 Nsv 800 Nsv 870 Sm10200 Sm10400 Sm10800 Sm9200 Sm9400 Sm9600 Sm9800 Soho 250 Soho 250w Sohow Sonicos Tz270 Tz270w Tz300 Tz300p Tz300w Tz350 Tz350w Tz370 Tz370w Tz400 Tz400w Tz470 Tz470w Tz500 Tz500w Tz570 Tz570p Tz570w Tz600 Tz600p Tz670

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:nsv_270:-:::::::*
	cpe:2.3:h:sonicwall:nsv_470:-:::::::*
	cpe:2.3:h:sonicwall:nsv_870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsv_10:-:::::::*
	cpe:2.3:h:sonicwall:nsv_100:-:::::::*
	cpe:2.3:h:sonicwall:nsv_1600:-:::::::*
	cpe:2.3:h:sonicwall:nsv_200:-:::::::*
	cpe:2.3:h:sonicwall:nsv_25:-:::::::*
	cpe:2.3:h:sonicwall:nsv_300:-:::::::*
	cpe:2.3:h:sonicwall:nsv_400:-:::::::*
	cpe:2.3:h:sonicwall:nsv_50:-:::::::*
	cpe:2.3:h:sonicwall:nsv_800:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_9250:-:::::::*
	cpe:2.3:h:sonicwall:nsa_9450:-:::::::*
	cpe:2.3:h:sonicwall:nsa_9650:-:::::::*
	cpe:2.3:h:sonicwall:nssp12400:-:::::::*
	cpe:2.3:h:sonicwall:nssp12800:-:::::::*
	cpe:2.3:h:sonicwall:sm10200:-:::::::*
	cpe:2.3:h:sonicwall:sm10400:-:::::::*
	cpe:2.3:h:sonicwall:sm10800:-:::::::*
	cpe:2.3:h:sonicwall:sm9200:-:::::::*
	cpe:2.3:h:sonicwall:sm9400:-:::::::*
	cpe:2.3:h:sonicwall:sm9600:-:::::::*
	cpe:2.3:h:sonicwall:sm9800:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz300:-:::::::*
	cpe:2.3:h:sonicwall:tz300p:-:::::::*
	cpe:2.3:h:sonicwall:tz300w:-:::::::*
	cpe:2.3:h:sonicwall:tz350:-:::::::*
	cpe:2.3:h:sonicwall:tz350w:-:::::::*
	cpe:2.3:h:sonicwall:tz400:-:::::::*
	cpe:2.3:h:sonicwall:tz400w:-:::::::*
	cpe:2.3:h:sonicwall:tz500:-:::::::*
	cpe:2.3:h:sonicwall:tz500w:-:::::::*
	cpe:2.3:h:sonicwall:tz600:-:::::::*
	cpe:2.3:h:sonicwall:tz600p:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-23388	SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005

History

Fri, 07 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2023-03-02T00:00:00.000Z

Updated: 2025-03-07T19:19:56.993Z

Reserved: 2023-02-28T00:00:00.000Z

Link: CVE-2023-1101

Vulnrichment

Updated: 2024-08-02T05:32:46.405Z

NVD

Status : Modified

Published: 2023-03-02T22:15:09.560

Modified: 2025-03-07T20:15:36.463

Link: CVE-2023-1101

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object