CVE-2023-41715

EPSS 0.34%
Published 17.10.2023 23:15:12
Last modified 02.05.2025 19:15:55
Source PSIRT@sonicwall.com
Teams watchlist Login
Open Login

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Sonicwall ≫ Sonicos Version < 7.0.1-5145

   Sonicwall ≫ Nsa2700 Version-
   Sonicwall ≫ Nsa3700 Version-
   Sonicwall ≫ Nsa4700 Version-
   Sonicwall ≫ Nsa5700 Version-
   Sonicwall ≫ Nsa6700 Version-
   Sonicwall ≫ Nssp10700 Version-
   Sonicwall ≫ Nssp11700 Version-
   Sonicwall ≫ Nssp13700 Version-
   Sonicwall ≫ Nssp15700 Version-
   Sonicwall ≫ Nsv10 Version-
   Sonicwall ≫ Nsv100 Version-
   Sonicwall ≫ Nsv1600 Version-
   Sonicwall ≫ Nsv200 Version-
   Sonicwall ≫ Nsv25 Version-
   Sonicwall ≫ Nsv270 Version-
   Sonicwall ≫ Nsv300 Version-
   Sonicwall ≫ Nsv400 Version-
   Sonicwall ≫ Nsv470 Version-
   Sonicwall ≫ Nsv50 Version-
   Sonicwall ≫ Nsv800 Version-
   Sonicwall ≫ Nsv870 Version-
   Sonicwall ≫ Tz270 Version-
   Sonicwall ≫ Tz270w Version-
   Sonicwall ≫ Tz370 Version-
   Sonicwall ≫ Tz370w Version-
   Sonicwall ≫ Tz470 Version-
   Sonicwall ≫ Tz470w Version-
   Sonicwall ≫ Tz570 Version-
   Sonicwall ≫ Tz570p Version-
   Sonicwall ≫ Tz570w Version-
   Sonicwall ≫ Tz670 Version-

Sonicwall ≫ Sonicos Version < 6.5.4.4-44v-21-2340

   Sonicwall ≫ Nsv10 Version-
   Sonicwall ≫ Nsv100 Version-
   Sonicwall ≫ Nsv1600 Version-
   Sonicwall ≫ Nsv200 Version-
   Sonicwall ≫ Nsv25 Version-
   Sonicwall ≫ Nsv270 Version-
   Sonicwall ≫ Nsv300 Version-
   Sonicwall ≫ Nsv400 Version-
   Sonicwall ≫ Nsv470 Version-
   Sonicwall ≫ Nsv50 Version-
   Sonicwall ≫ Nsv800 Version-
   Sonicwall ≫ Nsv870 Version-

Sonicwall ≫ Sonicos Version < 6.5.4.13-105n

   Sonicwall ≫ Nsa 2600 Version-
   Sonicwall ≫ Nsa 2650 Version-
   Sonicwall ≫ Nsa 3600 Version-
   Sonicwall ≫ Nsa 3650 Version-
   Sonicwall ≫ Nsa 4600 Version-
   Sonicwall ≫ Nsa 4650 Version-
   Sonicwall ≫ Nsa 5600 Version-
   Sonicwall ≫ Nsa 5650 Version-
   Sonicwall ≫ Nsa 6600 Version-
   Sonicwall ≫ Nsa 6650 Version-
   Sonicwall ≫ Sm 9200 Version-
   Sonicwall ≫ Sm 9250 Version-
   Sonicwall ≫ Sm 9400 Version-
   Sonicwall ≫ Sm 9450 Version-
   Sonicwall ≫ Sm 9600 Version-
   Sonicwall ≫ Sm 9650 Version-
   Sonicwall ≫ Soho 250 Version-
   Sonicwall ≫ Soho 250w Version-
   Sonicwall ≫ Sohow Version-
   Sonicwall ≫ Tz 300 Version-
   Sonicwall ≫ Tz 300p Version-
   Sonicwall ≫ Tz 300w Version-
   Sonicwall ≫ Tz 350 Version-
   Sonicwall ≫ Tz 400 Version-
   Sonicwall ≫ Tz 400w Version-
   Sonicwall ≫ Tz 500 Version-
   Sonicwall ≫ Tz 500w Version-
   Sonicwall ≫ Tz 600 Version-
   Sonicwall ≫ Tz 600p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.562

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-41715

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41715

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41715

EUVD