Lucene search

[email protected]CVE-2023-39276

HistoryOct 17, 2023 - 11:15 p.m.

CVE-2023-39276

2023-10-1723:15:11

CWE-787

CWE-121

[email protected]

web.nvd.nist.gov

cve-2023-39276

sonicos

post-authentication

buffer overflow

getbookmarklist.json

url endpoint

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.

Affected configurations

NVD

Node

sonicwallnsa2700Match-

sonicwallnsa3700Match-

sonicwallnsa4700Match-

sonicwallnsa5700Match-

sonicwallnsa6700Match-

sonicwallnssp10700Match-

sonicwallnssp11700Match-

sonicwallnssp13700Match-

sonicwallnssp15700Match-

sonicwallnsv10Match-

sonicwallnsv100Match-

sonicwallnsv1600Match-

sonicwallnsv200Match-

sonicwallnsv25Match-

sonicwallnsv270Match-

sonicwallnsv300Match-

sonicwallnsv400Match-

sonicwallnsv470Match-

sonicwallnsv50Match-

sonicwallnsv800Match-

sonicwallnsv870Match-

sonicwalltz270Match-

sonicwalltz270wMatch-

sonicwalltz370Match-

sonicwalltz370wMatch-

sonicwalltz470Match-

sonicwalltz470wMatch-

sonicwalltz570Match-

sonicwalltz570pMatch-

sonicwalltz570wMatch-

sonicwalltz670Match-

AND

sonicwallsonicosRange<7.0.1-5145

Node

sonicwallnsv10Match-

sonicwallnsv100Match-

sonicwallnsv1600Match-

sonicwallnsv200Match-

sonicwallnsv25Match-

sonicwallnsv270Match-

sonicwallnsv300Match-

sonicwallnsv400Match-

sonicwallnsv470Match-

sonicwallnsv50Match-

sonicwallnsv800Match-

sonicwallnsv870Match-

AND

sonicwallsonicosRange<6.5.4.4-44v-21-2340

Node

sonicwallnsa_2600Match-

sonicwallnsa_2650Match-

sonicwallnsa_3600Match-

sonicwallnsa_3650Match-

sonicwallnsa_4600Match-

sonicwallnsa_4650Match-

sonicwallnsa_5600Match-

sonicwallnsa_5650Match-

sonicwallnsa_6600Match-

sonicwallnsa_6650Match-

sonicwallsm_9200Match-

sonicwallsm_9250Match-

sonicwallsm_9400Match-

sonicwallsm_9450Match-

sonicwallsm_9600Match-

sonicwallsm_9650Match-

sonicwallsoho_250Match-

sonicwallsoho_250wMatch-

sonicwallsohowMatch-

sonicwalltz_300Match-

sonicwalltz_300pMatch-

sonicwalltz_300wMatch-

sonicwalltz_350Match-

sonicwalltz_400Match-

sonicwalltz_400wMatch-

sonicwalltz_500Match-

sonicwalltz_500wMatch-

sonicwalltz_600Match-

sonicwalltz_600pMatch-

AND

sonicwallsonicosRange<6.5.4.13-105n

CPENameOperatorVersion
sonicwall:sonicossonicwall sonicoslt7.0.1-5145

CPE	Name	Operator	Version
sonicwall:sonicos	sonicwall sonicos	lt	7.0.1-5145

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "Management",
      "SSLVPN"
    ],
    "product": "SonicOS",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1-5119 and earlier versions"
      },
      {
        "status": "affected",
        "version": "7.0.1-5129 and earlier versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.4-44v-21-2079 and earlier versions"
      },
      {
        "status": "affected",
        "version": "6.5.4.12-101n and earlier versions"
      }
    ]
  }
]

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-39276

cvelist1 prion1 nvd1 nessus1