Rewterz Threat Advisory – Multiple SonicWall SonicOS Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-41715 CVSS:6.4

SonicWall SonicOS could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper privilege management vulnerability in the SonicOS SSL VPN Tunnel. An authenticated attacker could exploit this vulnerability to elevate their privileges inside the tunnel.

CVE-2023-41713 CVSS:5.3

SonicWall SonicOS contains default hardcoded credentials in ‘dynHandleBuyToolbar’ demo function. A remote attacker could exploit this vulnerability to gain access to the system.

CVE-2023-41712 CVSS:7.7

SonicWall SonicOS is vulnerable to a denial of service, caused by a stack-based buffer overflow vulnerability in the SSL VPN’s plainprefs.exp URL endpoint of the web management interface. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-41711 CVSS:7.7

SonicWall SonicOS is vulnerable to a denial of service, caused by a stack-based buffer overflow vulnerability in the sonicwall.exp and prefs.exp endpoint of the web management interface. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39280 CVSS:7.7

SonicWall SonicOS is vulnerable to a denial of service, caused by a stack-based buffer overflow vulnerability in the ssoStats-s.xml and ssoStats-s.wri endpoint of the web management interface. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39279 CVSS:7.7

SonicWall SonicOS is vulnerable to a denial of service, caused by a stack-based buffer overflow vulnerability in the getPacketReplayData.json URL endpoint of the web management interface. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39278 CVSS:7.7

SonicWall SonicOS is vulnerable to a denial of service, caused by a stack-based buffer overflow vulnerability in the main.cgi. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39277 CVSS:7.7

SonicWall SonicOS is vulnerable to a denial of service, caused by a stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv endpoints of the web management interface. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39276 CVSS:7.7

SonicWall SonicOS is vulnerable to a denial of service, caused by a stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint of the web management interface. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

Impact

• Privilege Escalation
• Gain Access
• Denial of Service

Indicators Of Compromise

CVE

• CVE-2023-41715
• CVE-2023-41713
• CVE-2023-41712
• CVE-2023-41711
• CVE-2023-39280
• CVE-2023-39279
• CVE-2023-39278
• CVE-2023-39277
• CVE-2023-39276

Affected Vendors

Sonicwall

Affected Products

• SonicWall TZ370 7.0.1-5119
• SonicWall TZ370W 7.0.1-5119
• SonicWall TZ470 7.0.1-5119
• SonicWall TZ470W 7.0.1-5119
• SonicWall TZ570 7.0.1-5119
• SonicWall TZ570P 7.0.1-5119
• SonicWall TZ670 7.0.1-5119
• SonicWall NSa 2700 7.0.1-5119
• SonicWall NSa 3700 7.0.1-5119
• SonicWall NSa 4700 7.0.1-5119
• SonicWall NSa 5700 7.0.1-5119
• SonicWall NSsp 10700 7.0.1-5119
• SonicWall NSsp 11700 7.0.1-5119
• SonicWall NSsp 13700 7.0.1-5119
• SonicWall NSv 270 7.0.1-5119
• SonicWall NSv 470 7.0.1-5119
• SonicWall NSv 870 7.0.1-5119
• SonicWall NSa 6700 7.0.1-5119

Remediation

Refer to SonicWall Security Advisory for patch, upgrade or suggested workaround information.

SonicWall Security Advisory