CVE-2023-0656: unauthenticated Denial of Service vulnerability in SONICOS

CVE-2023-0656

If you’re using SonicWall firewalls to secure your network, you need to be aware of two vulnerabilities [1, 2] that have been recently discovered in the SonicOS software. These vulnerabilities can be exploited by remote attackers to cause a denial of service (DoS) or to gain unauthorized access to your system.

CVE-2023-0656

CVE-2023-1101: SONICOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability

The first vulnerability, CVE-2023-1101, has a CVSS score of 4.3 and affects SonicOS SSLVPN. It allows an authenticated attacker to use excessive MFA codes, which could potentially bypass the authentication process and gain unauthorized access to the system. Unfortunately, there is no workaround for this vulnerability at the moment.

The below SonicWall appliances are impacted by this vulnerability.

Impacted Platforms Impacted Version
TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W,

TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,
NSa 4700, NSa 5700, NSa 6700, NSsp 10700,

NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870

7.0.1-5095 and earlier versions
NSsp 15700 7.0.1-5083 and earlier versions
NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300,
NSv 400, NSv 800, NSv 1600
6.5.4.4-44v-21-1551 and earlier versions
SOHOW, SOHO 250, SOHO 250W, TZ300, TZ300P,
TZ300W, TZ350, TZ350W, TZ400, TZ400W, TZ500,
TZ500W, TZ600, TZ600P , NSA 2600, NSA3600,
NSA4600, NSA5600, NSA6600, SM9200, SM9400,
SM9600, SM9800, SM10200, SM10400,
SM10800, NSsp12400, NSsp12800
6.5.4.11-97n and earlier versions
NSa 2650, NSa3650, NSa4650, NSa5650,
NSa6650, NSa9250, NSa9450, NSa9650
6.5.4.11-97n and earlier versions

CVE-2023-0656: SONICOS Unauthenticated Stack-Based Buffer Overflow Vulnerability

The second vulnerability, CVE-2023-0656, is higher and has a CVSS score of 7.5. It affects the SonicOS software and allows a remote unauthenticated attacker to cause DoS by exploiting a stack-based buffer overflow vulnerability. The impact of this vulnerability can be severe, as it could cause the impacted firewall to crash. However, it’s worth noting that this vulnerability only impacts the “web management” interface, and the SonicOS SSLVPN interface is not affected.

The below SonicWall appliances are impacted by this vulnerability.

Impacted Platforms Impacted Version
TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W,

TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700,
NSa 4700, NSa 5700, NSa 6700, NSsp 10700,

NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870

7.0.1-5095 and earlier versions
NSsp 15700 7.0.1-5083 and earlier versions
NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300,
NSv 400, NSv 800, NSv 1600
6.5.4.4-44v-21-1551 and earlier versions

SonicWall PSIRT is not aware of any active exploitation in the wild, and no proof of concept has been made public yet. Nevertheless, SonicWall strongly urges organizations using impacted SonicWall firewalls to take the necessary precautions to protect their system.

Protecting Your SonicWall Firewall

SonicWall has released patches to address these vulnerabilities. However, until the patches can be applied, SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources by modifying the existing SonicOS Management access rules. This will ensure that management access is only allowed from trusted source IP addresses, reducing the risk of unauthorized access.

In conclusion, the two vulnerabilities discovered in the SonicOS software can be exploited by remote attackers to cause DoS or gain unauthorized access to your system. It’s essential to take the necessary precautions to protect your SonicWall firewall until the patches can be applied. Follow SonicWall’s guidance and limit SonicOS management access to trusted sources to reduce the risk of unauthorized access. Stay safe and secure!