CVE-2023-39277 - Vulnerability Details

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00484.

Key SSVC decision points have not yet been added.

Vendors	Products
Sonicwall	Nsa2700 Nsa3700 Nsa4700 Nsa5700 Nsa6700 Nsa 2600 Nsa 2650 Nsa 3600 Nsa 3650 Nsa 4600 Nsa 4650 Nsa 5600 Nsa 5650 Nsa 6600 Nsa 6650 Nssp10700 Nssp11700 Nssp13700 Nssp15700 Nsv10 Nsv100 Nsv1600 Nsv200 Nsv25 Nsv270 Nsv300 Nsv400 Nsv470 Nsv50 Nsv800 Nsv870 Sm 9200 Sm 9250 Sm 9400 Sm 9450 Sm 9600 Sm 9650 Soho 250 Soho 250w Sohow Sonicos Tz270 Tz270w Tz370 Tz370w Tz470 Tz470w Tz570 Tz570p Tz570w Tz670 Tz 300 Tz 300p Tz 300w Tz 350 Tz 400 Tz 400w Tz 500 Tz 500w Tz 600 Tz 600p

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp13700:-:::::::*
	cpe:2.3:h:sonicwall:nssp15700:-:::::::*
	cpe:2.3:h:sonicwall:nsv10:-:::::::*
	cpe:2.3:h:sonicwall:nsv100:-:::::::*
	cpe:2.3:h:sonicwall:nsv1600:-:::::::*
	cpe:2.3:h:sonicwall:nsv200:-:::::::*
	cpe:2.3:h:sonicwall:nsv25:-:::::::*
	cpe:2.3:h:sonicwall:nsv270:-:::::::*
	cpe:2.3:h:sonicwall:nsv300:-:::::::*
	cpe:2.3:h:sonicwall:nsv400:-:::::::*
	cpe:2.3:h:sonicwall:nsv470:-:::::::*
	cpe:2.3:h:sonicwall:nsv50:-:::::::*
	cpe:2.3:h:sonicwall:nsv800:-:::::::*
	cpe:2.3:h:sonicwall:nsv870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsv10:-:::::::*
	cpe:2.3:h:sonicwall:nsv100:-:::::::*
	cpe:2.3:h:sonicwall:nsv1600:-:::::::*
	cpe:2.3:h:sonicwall:nsv200:-:::::::*
	cpe:2.3:h:sonicwall:nsv25:-:::::::*
	cpe:2.3:h:sonicwall:nsv270:-:::::::*
	cpe:2.3:h:sonicwall:nsv300:-:::::::*
	cpe:2.3:h:sonicwall:nsv400:-:::::::*
	cpe:2.3:h:sonicwall:nsv470:-:::::::*
	cpe:2.3:h:sonicwall:nsv50:-:::::::*
	cpe:2.3:h:sonicwall:nsv800:-:::::::*
	cpe:2.3:h:sonicwall:nsv870:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-43009	SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

History

No history.

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2023-10-17T22:08:55.318Z

Updated: 2024-09-13T16:03:01.532Z

Reserved: 2023-07-27T00:07:04.124Z

Link: CVE-2023-39277

Vulnrichment

Updated: 2024-08-02T18:02:06.752Z

NVD

Status : Modified

Published: 2023-10-17T23:15:11.660

Modified: 2024-11-21T08:15:02.753

Link: CVE-2023-39277

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object