SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Sonicwall
  • Tz370w
  • Nsa 4600
  • Nsv 1600
  • Sm9200
  • Sm10400
  • Tz400w
  • Nsa 2700
  • Nsa 3650
  • Nsa 9250
  • Sm9400
  • Nsa 4650
  • Nsa 5650
  • Tz400
  • Tz570
  • Nsv 200
  • Nsv 870
  • Nsv 100
  • Tz270
  • Nsa 6600
  • Tz350
  • Tz600
  • Tz370
  • Nsv 50
  • Sm10800
  • Tz300p
  • Nsv 25
  • Nsa 9450
  • Tz300w
  • Tz670
  • Sm9800
  • Nssp12800
  • Tz500
  • Tz350w
  • Nsa 6650
  • Sm10200
  • Tz500w
  • Nsv 400
  • Tz300
  • Nssp 13700
  • Nsv 800
  • Nsa 2600
  • Soho 250
  • Tz570p
  • Nsv 300
  • Nsa 5700
  • Tz470
  • Nsa 5600
  • Sonicos
  • Nssp 11700
  • Nsa 3700
  • Sm9600
  • Sohow
  • Soho 250w
  • Nsa 2650
  • Nsa 4700
  • Nsv 470
  • Tz270w
  • Tz570w
  • Nsa 6700
  • Tz600p
  • Nsa 3600
  • Nssp 10700
  • Nsa 9650
  • Tz470w
  • Nssp 15700
  • Nsv 10
  • Nsv 270
  • Nssp12400

Configuration 1 [-]

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsa_2700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_10700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_11700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_13700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_870:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp_15700:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsv_10:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_100:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_1600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_25:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_50:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv_800:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9450:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_9650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp12400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp12800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm10200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm10400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm10800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm9200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm9400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm9600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm9800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz300w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz350:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz350w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz400w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz500:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz500w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz600p:-:*:*:*:*:*:*:*
References
Link Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: sonicwall

Published: 2023-03-02T00:00:00

Updated: 2023-03-02T00:00:00

Reserved: 2023-02-28T00:00:00

Link: CVE-2023-1101

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-03-02T22:15:09.560

Modified: 2023-03-14T16:42:35.137

Link: CVE-2023-1101

JSON object: View

cve-icon Redhat Information

No data.

CWE