CVE-2023-1101

CVSS V2 None CVSS V3 None

Description

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

Overview

CVE ID
CVE-2023-1101

Assigner
PSIRT@sonicwall.com

Vulnerability Status
Analyzed

Published Version
2023-03-02T22:15:09

Last Modified Date
2023-03-14T16:42:35

Weakness Enumerations

CWE	URL
CWE-307	http://cwe.mitre.org/data/definitions/307.html
CWE-307	http://cwe.mitre.org/data/definitions/307.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:sonicwall:sonicos::::::::	1	OR	7.0.1-5111
cpe:2.3:h:sonicwall:nsa_2700:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_3700:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_4700:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_5700:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_6700:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nssp_10700:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nssp_11700:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nssp_13700:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_270:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_470:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_870:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz270:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz270w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz370:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz370w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz470:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz470w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz570:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz570p:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz570w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz670:-:::::::*	0	OR
		AND
cpe:2.3:o:sonicwall:sonicos::::::::	1	OR	7.0.1-5083
cpe:2.3:h:sonicwall:nssp_15700:-:::::::*	0	OR
		AND
cpe:2.3:o:sonicwall:sonicos::::::::	1	OR	6.5.4.4-44v-21-1551
cpe:2.3:h:sonicwall:nsv_10:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_100:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_1600:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_200:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_25:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_300:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_400:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_50:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsv_800:-:::::::*	0	OR
		AND
cpe:2.3:o:sonicwall:sonicos::::::::	1	OR	6.5.4.11-97n
cpe:2.3:h:sonicwall:nsa_2600:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_2650:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_3600:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_3650:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_4600:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_4650:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_5600:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_5650:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_6600:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_6650:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_9250:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_9450:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nsa_9650:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nssp12400:-:::::::*	0	OR
cpe:2.3:h:sonicwall:nssp12800:-:::::::*	0	OR
cpe:2.3:h:sonicwall:sm10200:-:::::::*	0	OR
cpe:2.3:h:sonicwall:sm10400:-:::::::*	0	OR
cpe:2.3:h:sonicwall:sm10800:-:::::::*	0	OR
cpe:2.3:h:sonicwall:sm9200:-:::::::*	0	OR
cpe:2.3:h:sonicwall:sm9400:-:::::::*	0	OR
cpe:2.3:h:sonicwall:sm9600:-:::::::*	0	OR
cpe:2.3:h:sonicwall:sm9800:-:::::::*	0	OR
cpe:2.3:h:sonicwall:soho_250:-:::::::*	0	OR
cpe:2.3:h:sonicwall:soho_250w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:sohow:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz300:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz300p:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz300w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz350:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz350w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz400:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz400w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz500:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz500w:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz600:-:::::::*	0	OR
cpe:2.3:h:sonicwall:tz600p:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-1101
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1101

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 05:53:06				Added to TrackCVE
2023-04-17 05:53:08			Weakness Enumeration	new