SonicWall PSIRT has confirmed two vulnerabilities: a stack-based buffer overflow vulnerability and a post-authentication improper privilege management vulnerability in the SonicOS SSL VPN Tunnel. These vulnerabilities only impact SonicWALL firewalls TZ, NSa, NS sp and NSv. There is no impact on SonicWall SSLVPN SMA100 and SMA1000 series products.
SonicWall strongly urges that organizations using older versions of SonicWall firmware follow the guidance provided by SonicWall PSIRT and upgrade as soon as possible.
IMPORTANT: There is no evidence that these vulnerabilities are being exploited in the wild.
OVERVIEW
- Advisory ID: SNWLID-2023-0012
- Product(s): SonicWall Gen 6 and SonicWall Gen 7 Firewalls
- Issue: Unauthenticated Stack-based Buffer Overflow Vulnerability in SonicOS and post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel
- CVSS:
- Unauthenticated Stack-based Buffer Overflow Vulnerability in SonicOS: 7.7 (high)
- Post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel: 6.4 (Medium)
- Impacted Version(s): Please refer to the SonicWall PSIRT page.
- Fixed Version(s): 7.0.1-5145, 6.5.4.4-44v-21 and higher versions and 6.5.4.13-105n and higher versions, and 6.5.4.12-101n and older versions.
FOR FULL DETAILS PLEASE CLICK ON THE BELOW UPDATES ON OCTOBER 17
|
|
