SonicWall Product Security Notice

SonicWall Product Security Notice: Unauthenticated Stack-based Buffer Overflow Vulnerability in SonicOS

SonicWall PSIRT has confirmed an unauthenticated stack-based buffer overflow vulnerability in SonicOS 7.0.1 firmware. Left unpatched, this could potentially allow an unauthenticated remote attacker to cause a denial of service (DoS) via a stack-based buffer overflow condition, which could cause an impacted appliance to crash.

Overview

A stack-based buffer overflow vulnerability was discovered and confirmed in certain SonicOS firmware versions (SNWLID-2023-0004). This potentially allows an unauthenticated user to send a malicious request to create a Denial of Service (DoS) that may cause an impacted firewall appliance to crash.

IMPORTANT: SonicWall is not aware of active exploitation in the wild. No malicious use of this vulnerability has been reported to SonicWall.

Product Impact

Please review the table below to see if your firewall appliance is impacted. If your appliance is using an impacted firmware version, please follow the provided patch guidance.

Impacted Platforms: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870
Impacted Version: 7.0.1-5095 and older

Impacted Platforms: NSsp 15700
Impacted Version: 7.0.1-5083 and older

Impacted Platforms: NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600
Impacted Version: 6.5.4.4-44v-21-1551 and earlier

NOTE: Physical firewall appliances using SonicOS 5.x, 6.x and 6.5.x are not impacted.

Workaround

Organizations can protect themselves from external attackers by restricting management access of the firewall to only trusted sources. To do this, disable management access and instead use VPN and/or Network Security Manager (NSM) for remote access and management.

Remediation

Product: SonicWall (Gen 7) Firewalls
Impacted Platforms: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870
Impacted Version: 7.0.1-5095 and earlier
Fixed Version: 7.0.1-5111 and later

Product: SonicWall NSsp Firewall
Impacted Platforms: NSsp 15700
Impacted Version: 7.0.1-5083 and earlier
Fixed Version: 7.0.1-5100 and later

Product: SonicWall (Gen 6.5) NSv Firewalls
Impacted Platforms: NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600
Impacted Version: 6.5.4.4-44v-21-1551 and earlier
Fixed Version: TBD*

NOTE: SonicWall expects an official firmware version with necessary patches for Gen6 NSv to be available mid-March 2023.
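
The following inventory triage script is an added example, not SonicWall code. It applies the version bounds from the Remediation table to a list of (model, firmware) pairs. The function names, the sample inventory and the rule that firmware strings order by their numeric groups are assumptions made for illustration.

```python
import re

def _models(prefix, numbers):
    return {f"{prefix} {n}" for n in numbers.split()}

# Rows copied from the advisory's Remediation table:
# (models, last impacted firmware, first fixed firmware or None when "TBD").
ROWS = [
    (set("TZ270 TZ270W TZ370 TZ370W TZ470 TZ470W TZ570 TZ570W TZ570P TZ670".split())
     | _models("NSA", "2700 3700 4700 5700 6700")
     | _models("NSSP", "10700 11700 13700")
     | _models("NSV", "270 470 870"),
     "7.0.1-5095", "7.0.1-5111"),
    (_models("NSSP", "15700"), "7.0.1-5083", "7.0.1-5100"),
    (_models("NSV", "10 25 50 100 200 300 400 800 1600"),
     "6.5.4.4-44v-21-1551", None),
]

def version_key(firmware):
    # Assumption: firmware strings sort by their numeric groups, left to right.
    return tuple(int(n) for n in re.findall(r"\d+", firmware))

def assess(model, firmware):
    """Return (status, first_fixed_version) for one inventory entry."""
    name = " ".join(model.upper().split())  # normalise case and spacing
    for models, last_impacted, fixed in ROWS:
        if name not in models:
            continue
        key = version_key(firmware)
        if key <= version_key(last_impacted):
            return ("impacted", fixed)
        if fixed is not None and key >= version_key(fixed):
            return ("fixed", fixed)
        # Builds between the two bounds, and Gen 6.5 NSv builds newer than the
        # last impacted one, are not classified by the advisory.
        return ("unverified", fixed)
    return ("not listed", None)

# Constructed sample inventory (not real devices).
INVENTORY = [
    ("TZ470", "7.0.1-5095"),
    ("NSsp 15700", "7.0.1-5100"),
    ("NSa 2700", "7.0.1-5099"),
    ("NSv 200", "6.5.4.4-44v-21-1551"),
    ("NSA 2650", "6.5.4.9-93n"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(model, fw, *assess(model, fw))
```

Entries reported as "unverified" run a build that the advisory neither lists as impacted nor as fixed and need a manual check against the vendor notice.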
