CVE-2023-39277
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
17/10/2023
Last modified:
19/10/2023
Description
<br />
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* | 7.0.1-5145 (excluding) | |
| cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page