CVE-2023-1101

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sonicwall ≫ Sonicos Version < 7.0.1-5111

   Sonicwall ≫ Nsa 2700 Version-
   Sonicwall ≫ Nsa 3700 Version-
   Sonicwall ≫ Nsa 4700 Version-
   Sonicwall ≫ Nsa 5700 Version-
   Sonicwall ≫ Nsa 6700 Version-
   Sonicwall ≫ Nssp 10700 Version-
   Sonicwall ≫ Nssp 11700 Version-
   Sonicwall ≫ Nssp 13700 Version-
   Sonicwall ≫ Nsv 270 Version-
   Sonicwall ≫ Nsv 470 Version-
   Sonicwall ≫ Nsv 870 Version-
   Sonicwall ≫ Tz270 Version-
   Sonicwall ≫ Tz270w Version-
   Sonicwall ≫ Tz370 Version-
   Sonicwall ≫ Tz370w Version-
   Sonicwall ≫ Tz470 Version-
   Sonicwall ≫ Tz470w Version-
   Sonicwall ≫ Tz570 Version-
   Sonicwall ≫ Tz570p Version-
   Sonicwall ≫ Tz570w Version-
   Sonicwall ≫ Tz670 Version-

Sonicwall ≫ Sonicos Version <= 7.0.1-5083

Sonicwall ≫ Nssp 15700 Version-

Sonicwall ≫ Sonicos Version <= 6.5.4.4-44v-21-1551

   Sonicwall ≫ Nsv 10 Version-
   Sonicwall ≫ Nsv 100 Version-
   Sonicwall ≫ Nsv 1600 Version-
   Sonicwall ≫ Nsv 200 Version-
   Sonicwall ≫ Nsv 25 Version-
   Sonicwall ≫ Nsv 300 Version-
   Sonicwall ≫ Nsv 400 Version-
   Sonicwall ≫ Nsv 50 Version-
   Sonicwall ≫ Nsv 800 Version-

Sonicwall ≫ Sonicos Version <= 6.5.4.11-97n

   Sonicwall ≫ Nsa 2600 Version-
   Sonicwall ≫ Nsa 2650 Version-
   Sonicwall ≫ Nsa 3600 Version-
   Sonicwall ≫ Nsa 3650 Version-
   Sonicwall ≫ Nsa 4600 Version-
   Sonicwall ≫ Nsa 4650 Version-
   Sonicwall ≫ Nsa 5600 Version-
   Sonicwall ≫ Nsa 5650 Version-
   Sonicwall ≫ Nsa 6600 Version-
   Sonicwall ≫ Nsa 6650 Version-
   Sonicwall ≫ Nsa 9250 Version-
   Sonicwall ≫ Nsa 9450 Version-
   Sonicwall ≫ Nsa 9650 Version-
   Sonicwall ≫ Nssp12400 Version-
   Sonicwall ≫ Nssp12800 Version-
   Sonicwall ≫ Sm10200 Version-
   Sonicwall ≫ Sm10400 Version-
   Sonicwall ≫ Sm10800 Version-
   Sonicwall ≫ Sm9200 Version-
   Sonicwall ≫ Sm9400 Version-
   Sonicwall ≫ Sm9600 Version-
   Sonicwall ≫ Sm9800 Version-
   Sonicwall ≫ Soho 250 Version-
   Sonicwall ≫ Soho 250w Version-
   Sonicwall ≫ Sohow Version-
   Sonicwall ≫ Tz300 Version-
   Sonicwall ≫ Tz300p Version-
   Sonicwall ≫ Tz300w Version-
   Sonicwall ≫ Tz350 Version-
   Sonicwall ≫ Tz350w Version-
   Sonicwall ≫ Tz400 Version-
   Sonicwall ≫ Tz400w Version-
   Sonicwall ≫ Tz500 Version-
   Sonicwall ≫ Tz500w Version-
   Sonicwall ≫ Tz600 Version-
   Sonicwall ≫ Tz600p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.544

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Vendor Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD