Lucene search

K
cve[email protected]CVE-2023-6340
HistoryJan 18, 2024 - 12:15 a.m.

CVE-2023-6340

2024-01-1800:15:38
CWE-121
CWE-787
web.nvd.nist.gov
8
21
sonicwall
capture client
netextender
dos
cve-2023-6340
vulnerability
stack-based buffer overflow

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

SonicWall Capture Client version 3.7.10,Β NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

Affected configurations

NVD
Node
sonicwallcapture_clientRange≀3.7.10
OR
sonicwallnetextenderRange≀10.2.337windows

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Windows"
    ],
    "product": "Capture Client",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.10 and earlier versions"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Windows",
      "64 bit",
      "32 bit"
    ],
    "product": "NetExtender",
    "vendor": "SonicWall",
    "versions": [
      {
        "status": "affected",
        "version": "10.2.337 and earlier versions"
      }
    ]
  }
]

Social References

More

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2023-6340