Overview

A stack-based buffer overflow vulnerability was discovered and confirmed in certain SonicOS firmware versions (SNWLID-2023-0004). It potentially allows an unauthenticated user to send a malicious request that causes a Denial of Service (DoS), which may crash an impacted firewall appliance.

IMPORTANT: SonicWall is not aware of active exploitation in the wild. No malicious use of this vulnerability has been reported to SonicWall.

Product Impact

Please review the table below to see if your firewall appliance is impacted. If your appliance is using an impacted firmware version, please follow the provided patch guidance.

Impacted Platforms: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870
Impacted Version: 7.0.1-5095 and older

Impacted Platforms: NSsp 15700
Impacted Version: 7.0.1-5083 and older

Impacted Platforms: NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600
Impacted Version: 6.5.4.4-44v-21-1551 and earlier

NOTE: Physical firewall appliances using SonicOS 5.x, 6.x and 6.5.x are not impacted.

Workaround

Organizations can protect themselves from external attackers by restricting management access of the firewall to only trusted sources. To do this, disable management access and instead use VPN and/or Network Security Manager (NSM) for remote access and management.

Remediation

Product: SonicWall (Gen 7) Firewalls
Impacted Platforms: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870
Impacted Version: 7.0.1-5095 and earlier
Fixed Version: 7.0.1-5111 and later

Product: SonicWall NSsp Firewall
Impacted Platforms: NSsp 15700
Impacted Version: 7.0.1-5083 and earlier
Fixed Version: 7.0.1-5100 and later

Product: SonicWall (Gen 6.5) NSFirewalls
Impacted Platforms: NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600
Impacted Version: 6.5.4.4-44v-21-1551 and earlier
Fixed Version: TBD*

NOTE: SonicWall expects an official firmware version with necessary patches for Gen6 NSv to be available mid-March 2023.
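The version thresholds from the tables above, applied to a device inventory. This is an added example, not SonicWall code: the function names and inventory rows are constructed, and it assumes firmware strings have the form shown in the tables and can be ordered by their numeric fields.

```python
import re

def norm(model):
    """Normalise a model name so 'NSa 2700' and 'nsa2700' compare equal."""
    return re.sub(r"\s+", "", model).upper()

def vkey(version):
    """Order versions by numeric fields: '7.0.1-5095' -> (7, 0, 1, 5095)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def models(text):
    return {norm(m) for m in text.split(",")}

# (platforms, last impacted version, first fixed version), copied from the advisory.
RULES = [
    (models("TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, "
            "TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, "
            "NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870"),
     "7.0.1-5095", "7.0.1-5111"),
    (models("NSsp 15700"), "7.0.1-5083", "7.0.1-5100"),
    (models("NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, "
            "NSv 800, NSv 1600"),
     "6.5.4.4-44v-21-1551", None),  # fixed version is listed as TBD
]

def triage(model, version):
    """Return (status, fixed_version) for one appliance."""
    for platforms, last_impacted, fixed in RULES:
        if norm(model) not in platforms:
            continue
        if vkey(version) <= vkey(last_impacted):
            return ("impacted", fixed)
        if fixed and vkey(version) >= vkey(fixed):
            return ("fixed", fixed)
        return ("unverified", fixed)  # build lies between the stated bounds
    return ("not-listed", None)       # platform does not appear in the tables

# Constructed inventory rows (hostname, model, firmware); not real devices.
INVENTORY = [
    ("fw-branch-01", "TZ370", "7.0.1-5095"),
    ("fw-hq-01", "NSa 2700", "7.0.1-5111"),
    ("fw-dc-01", "NSsp 15700", "7.0.1-5090"),
    ("fw-lab-01", "NSv 200", "6.5.4.4-44v-21-1551"),
    ("fw-old-01", "NSa 2650", "6.5.4.9-93n"),
]

if __name__ == "__main__":
    for host, model, ver in INVENTORY:
        print(host, model, ver, *triage(model, ver))
```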
