CVE-2023-39277 - OpenCVE

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sonicwall	Nsa2700 Nsa3700 Nsa4700 Nsa5700 Nsa6700 Nsa 2600 Nsa 2650 Nsa 3600 Nsa 3650 Nsa 4600 Nsa 4650 Nsa 5600 Nsa 5650 Nsa 6600 Nsa 6650 Nssp10700 Nssp11700 Nssp13700 Nssp15700 Nsv10 Nsv100 Nsv1600 Nsv200 Nsv25 Nsv270 Nsv300 Nsv400 Nsv470 Nsv50 Nsv800 Nsv870 Sm 9200 Sm 9250 Sm 9400 Sm 9450 Sm 9600 Sm 9650 Soho 250 Soho 250w Sohow Sonicos Tz270 Tz270w Tz370 Tz370w Tz470 Tz470w Tz570 Tz570p Tz570w Tz670 Tz 300 Tz 300p Tz 300w Tz 350 Tz 400 Tz 400w Tz 500 Tz 500w Tz 600 Tz 600p

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp13700:-:::::::*
	cpe:2.3:h:sonicwall:nssp15700:-:::::::*
	cpe:2.3:h:sonicwall:nsv10:-:::::::*
	cpe:2.3:h:sonicwall:nsv100:-:::::::*
	cpe:2.3:h:sonicwall:nsv1600:-:::::::*
	cpe:2.3:h:sonicwall:nsv200:-:::::::*
	cpe:2.3:h:sonicwall:nsv25:-:::::::*
	cpe:2.3:h:sonicwall:nsv270:-:::::::*
	cpe:2.3:h:sonicwall:nsv300:-:::::::*
	cpe:2.3:h:sonicwall:nsv400:-:::::::*
	cpe:2.3:h:sonicwall:nsv470:-:::::::*
	cpe:2.3:h:sonicwall:nsv50:-:::::::*
	cpe:2.3:h:sonicwall:nsv800:-:::::::*
	cpe:2.3:h:sonicwall:nsv870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsv10:-:::::::*
	cpe:2.3:h:sonicwall:nsv100:-:::::::*
	cpe:2.3:h:sonicwall:nsv1600:-:::::::*
	cpe:2.3:h:sonicwall:nsv200:-:::::::*
	cpe:2.3:h:sonicwall:nsv25:-:::::::*
	cpe:2.3:h:sonicwall:nsv270:-:::::::*
	cpe:2.3:h:sonicwall:nsv300:-:::::::*
	cpe:2.3:h:sonicwall:nsv400:-:::::::*
	cpe:2.3:h:sonicwall:nsv470:-:::::::*
	cpe:2.3:h:sonicwall:nsv50:-:::::::*
	cpe:2.3:h:sonicwall:nsv800:-:::::::*
	cpe:2.3:h:sonicwall:nsv870:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

No data.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

History

No history.

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2023-10-17T22:08:55.318Z

Updated: 2024-09-13T16:03:01.532Z

Reserved: 2023-07-27T00:07:04.124Z

Link: CVE-2023-39277

Vulnrichment

Updated: 2024-08-02T18:02:06.752Z

NVD

Status : Analyzed

Published: 2023-10-17T23:15:11.660

Modified: 2023-10-19T16:44:50.013

Link: CVE-2023-39277

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object