SonicWall SonicOS Multiple Vulnerabilities (SNWLID-2023-0012)

high Nessus Plugin ID 189995

Synopsis

The remote host is affected by multiple vulnerabilities including Stack-Based Buffer Overflow, Use of Hard-coded Password, and Improper Privilege Management.

Description

According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected by multiple vulnerabilities with impact to SonicOS Management Web Interface and SSLVPN Portal, but not SonicWall SSLVPN SMA100 and SMA1000 series products. These vulnerabilities include:

- Post-authentication Stack-Based Buffer Overflow Vulnerability that leads to a firewall crash in:
- getBookmarkList.json (CVE-2023-39276)
- sonicflow.csv, appflowsessions.csv (CVE-2023-39277)
- main.cgi (CVE-2023-39278)
- getPacketReplayData.json (CVE-2023-39279)
- gssoStats-s.xml, ssoStats-s.wri (CVE-2023-39280)
- sonicwall.exp, prefs.exp (CVE-2023-41711)
- SSL VPN plainprefs.exp (CVE-2023-41712)

- SonicOS Use of Hard-coded Password vulnerability in the dynHandleBuyToolbar demo function. (CVE-2023-41713)

- SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. (CVE-2023-41715)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in the vendor security advisory.

See Also

http://www.nessus.org/u?29741d06

Plugin Details

Severity: High

ID: 189995

File Name: sonicwall_SNWLID-2023-0012.nasl

Version: 1.1

Type: combined

Family: Firewalls

Published: 2/5/2024

Updated: 2/6/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-41715

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:sonicwall:sonicos

Required KB Items: Host/OS

Exploit Ease: No known exploits are available

Patch Publication Date: 10/17/2023

Vulnerability Publication Date: 10/17/2023

Reference Information

CVE: CVE-2023-39276, CVE-2023-39277, CVE-2023-39278, CVE-2023-39279, CVE-2023-39280, CVE-2023-41711, CVE-2023-41712, CVE-2023-41713, CVE-2023-41715