Warning - A BUFFER OVERFLOW VULNERABILITY IN SONICOS COULD LEAD TO DENIAL OF SERVICE (DOS) ATTACK
SonicWall FireWalls 7.0.1-5095 and earlier
SonicWall NSsp Firewall 7.0.1-5083 and earlier
SonicWall NSv Firewalls 188.8.131.52-44v-21-1551 and earlier
Unauthenticated stack-based buffer overflow
|Security Advisory (sonicwall.com)|
|NVD - CVE-2023-0656 (nist.gov)|
Successful exploitation of CVE-2023-0656 can allow an unauthenticated attacker to cause a Denial-of-Service (DoS) attack and crash impacted firewalls.
A stack-based buffer overflow vulnerability in the SonicOS software can lead to a DoS attack. This impacts only the web management interface. The SonicOS SSLVPN interface is not affected. The vendor has provided a table with the products and the specific impacted platforms and versions affected.
As of this moment there are no known proof-of-concept (PoC) and exploitation attempts, but the publication of the vulnerability is recent.
The CCB recommends following actions depending on the product:
- For SonicWall FireWalls an upgrade to version 7.0.1-5111 and higher is recommended.
- For the other products affected (or if an upgrade for the product mentioned above is not possible), restricting management access to trusted sources by modifying SonicOS Management access rules (SSH/HTTPS/HTTP Management) is advised. More info can be found here.