CVE-2023-0656: unauthenticated Denial of Service vulnerability in SONICOS
If you’re using SonicWall firewalls to secure your network, you need to be aware of two vulnerabilities [1, 2] that have been recently discovered in the SonicOS software. These vulnerabilities can be exploited by remote attackers to cause a denial of service (DoS) or to gain unauthorized access to your system.
CVE-2023-1101: SONICOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability
The first vulnerability, CVE-2023-1101, has a CVSS score of 4.3 and affects SonicOS SSLVPN. It allows an authenticated attacker to submit excessive MFA codes, potentially bypassing the authentication process and gaining unauthorized access to the system. Unfortunately, there is no workaround for this vulnerability at the moment.
The below SonicWall appliances are impacted by this vulnerability.
Impacted Platforms | Impacted Version |
TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 | 7.0.1-5095 and earlier versions |
NSsp 15700 | 7.0.1-5083 and earlier versions |
NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1551 and earlier versions |
SOHOW, SOHO 250, SOHO 250W, TZ300, TZ300P, TZ300W, TZ350, TZ350W, TZ400, TZ400W, TZ500, TZ500W, TZ600, TZ600P, NSA 2600, NSA3600, NSA4600, NSA5600, NSA6600, SM9200, SM9400, SM9600, SM9800, SM10200, SM10400, SM10800, NSsp12400, NSsp12800 | 6.5.4.11-97n and earlier versions |
NSa 2650, NSa3650, NSa4650, NSa5650, NSa6650, NSa9250, NSa9450, NSa9650 | 6.5.4.11-97n and earlier versions |
CVE-2023-0656: SONICOS Unauthenticated Stack-Based Buffer Overflow Vulnerability
The second vulnerability, CVE-2023-0656, is more severe, with a CVSS score of 7.5. It affects the SonicOS software and allows a remote unauthenticated attacker to cause a DoS by exploiting a stack-based buffer overflow. The impact can be severe, as it could cause the impacted firewall to crash. However, it’s worth noting that this vulnerability only impacts the “web management” interface; the SonicOS SSLVPN interface is not affected.
The below SonicWall appliances are impacted by this vulnerability.
Impacted Platforms | Impacted Version |
TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 | 7.0.1-5095 and earlier versions |
NSsp 15700 | 7.0.1-5083 and earlier versions |
NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1551 and earlier versions |
SonicWall PSIRT is not aware of any active exploitation in the wild, and no proof of concept has been made public yet. Nevertheless, SonicWall strongly urges organizations using impacted SonicWall firewalls to take the necessary precautions to protect their system.
Protecting Your SonicWall Firewall
SonicWall has released patches to address these vulnerabilities. However, until the patches can be applied, SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources by modifying the existing SonicOS Management access rules. This will ensure that management access is only allowed from trusted source IP addresses, reducing the risk of unauthorized access.
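To decide which appliances need the patch and the management-access restriction first, the two impacted-version tables above can be checked against a firmware inventory. The Python sketch below is an added example, not SonicWall's code; the inventory entries are constructed, and it assumes SonicOS builds sort by their numeric fields read left to right.

```python
import re

# Impacted models and last impacted build, transcribed from the two tables
# on this page. Function names and the inventory below are hypothetical.
GEN7 = ("TZ270 TZ270W TZ370 TZ370W TZ470 TZ470W TZ570 TZ570W TZ570P TZ670 "
        "NSa2700 NSa3700 NSsp11700 NSsp13700 NSv270 NSv470 NSv870")
NSV6 = "NSv10 NSv25 NSv50 NSv100 NSv200 NSv300 NSv400 NSv800 NSv1600"
GEN6 = ("SOHOW SOHO250 SOHO250W TZ300 TZ300P TZ300W TZ350 TZ350W TZ400 TZ400W "
        "TZ500 TZ500W TZ600 TZ600P NSA2600 NSA3600 NSA4600 NSA5600 NSA6600 "
        "SM9200 SM9400 SM9600 SM9800 SM10200 SM10400 SM10800 NSsp12400 "
        "NSsp12800 NSa2650 NSa3650 NSa4650 NSa5650 NSa6650 NSa9250 NSa9450 NSa9650")
BOTH = ("CVE-2023-1101", "CVE-2023-0656")
ROWS = [  # (models, last impacted version, CVEs whose table lists the row)
    (GEN7, "7.0.1-5095", BOTH),
    ("NSsp15700", "7.0.1-5083", BOTH),
    (NSV6, "6.5.4.4-44v-21-1551", BOTH),
    (GEN6, "6.5.4.11-97n", ("CVE-2023-1101",)),  # not in the CVE-2023-0656 table
]

def norm(model):
    # "NSa 2700", "nsa2700" and "NSA-2700" all compare equal.
    return re.sub(r"[\s_-]+", "", model).upper()

def vkey(version):
    # Assumption: builds order by numeric fields, so letter suffixes such as
    # "n" or "v" are ignored: "6.5.4.11-97n" -> (6, 5, 4, 11, 97).
    return tuple(int(n) for n in re.findall(r"\d+", version))

def affected_cves(model, version):
    """CVEs the page lists for this model/build; None if the model is unlisted."""
    for models, last_bad, cves in ROWS:
        if norm(model) in {norm(m) for m in models.split()}:
            return list(cves) if vkey(version) <= vkey(last_bad) else []
    return None

def audit(inventory):
    return {host: affected_cves(model, ver) for host, model, ver in inventory}

# Constructed inventory: (hostname, model, running firmware).
INVENTORY = [
    ("fw-branch-01", "TZ 370", "7.0.1-5095"),
    ("fw-core-01", "NSsp 15700", "7.0.1-5095"),
    ("fw-legacy-01", "NSA 2600", "6.5.4.11-97n"),
    ("fw-lab-01", "TZ80", "1.0"),
]
if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(host, "unlisted model" if result is None else result or "outside impacted range")
```

An empty result only means the build is later than the impacted range given on this page; confirm the fixed release against SonicWall's advisory before treating a device as patched.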
In conclusion, the two vulnerabilities discovered in the SonicOS software can be exploited by remote attackers to cause DoS or gain unauthorized access to your system. It’s essential to take the necessary precautions to protect your SonicWall firewall until the patches can be applied. Follow SonicWall’s guidance and limit SonicOS management access to trusted sources to reduce the risk of unauthorized access. Stay safe and secure!