{"id":280224,"date":"2023-04-27T11:16:33","date_gmt":"2023-04-27T09:16:33","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=280224"},"modified":"2023-06-04T22:50:37","modified_gmt":"2023-06-04T20:50:37","slug":"sonicos-sslvpn-schwachstelle-cve-2023-1101-bei-mfa-neue-firmware-fr-gen6-firewalls-6-5-4-12-101n","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2023\/04\/27\/sonicos-sslvpn-schwachstelle-cve-2023-1101-bei-mfa-neue-firmware-fr-gen6-firewalls-6-5-4-12-101n\/","title":{"rendered":"SonicOS SSLVPN: Schwachstelle CVE-2023-1101 bei MFA – neue Firmware für Gen6-Firewalls (6.5.4.12-101n)"},"content":{"rendered":"

\"Sicherheit[English<\/a>]Kleine Erinnerung f\u00fcr Administratoren, die Produkte von Sonic Wall verwenden. In SonicOS SSLVPN gibt es eine kritische Schwachstelle, die einem authentifizierten Angreifer erm\u00f6glicht, exzessive MFA-Codes zu verwenden. Die Schwachstelle CVE-2023-1101 hat von SonicWall am 28. M\u00e4rz 2023 den CVSS v3-Index von 4.3 erhalten (siehe diesen Beitrag<\/a>). Blog-Leser C.J. hat mich in einer Mail darauf hingewiesen, dass es eine neue Firmware f\u00fcr Gen6 – 6.5.4.12-101n gebe.<\/p>\n

<\/p>\n

\"\"Blog-Leser C.J. schrieb in seiner Mail \"Sonicwall Firewalls neue Firmware f\u00fcr Gen6 – 6.5.4.12-101n\" folgendes (danke f\u00fcr die Information):<\/p>\n

Hallo G\u00fcnter,<\/p>\n

falls es f\u00fcr Deinen Blog interessant ist:<\/p>\n

Sonicwall hat heute offiziell eine neue Firmware f\u00fcr Gen6-Firewalls herausgegeben. Mehr Infos habe ich nicht gefunden als das PDF im Anhang – und folgende CVE-2023-1101<\/a>.<\/p><\/blockquote>\n

Dort wird CVE-2023-1101<\/a> mit einem CVSS v3.0-Index von 8.8 aufgelistet (siehe nachfolgendes Bild). Der SonicWall-Beitrag hier listet<\/a> die betroffenen Produkte sowie die betroffenen und die gefixten Versionen der Software auf.<\/p>\n

Heise hatte bereits im M\u00e4rz 2023 in diesem Beitrag \u00fcber diese Schwachstelle<\/a> berichtet. Das von C. J. per Mail geschickte PDF-Dokument beschreibt\u00a0 SonicOS 6.5.4.12, welches im April 2023 ver\u00f6ffentlicht wurde. Ich hiehe mal die wesentlichen Informationen aus der Release Note heraus.<\/p>\n

SonicWall SonicOS 6.5.4.12 resolved key issues, which were found since the previous release. For more
\ninformation, refer to the Resolved Issues section.<\/p>\n

This release supports all the features and contains all the resolved issues found in previous SonicOS 6.5 releases.<\/p>\n

SonicOS 6.5.4.12 is supported on the following SonicWall appliances:<\/p>\n

\u2022 NSa 9650\u00a0 \u2022 SuperMassive 9600\u00a0 \u2022 TZ600 \/ TZ600P
\n\u2022 NSa 9450\u00a0 \u2022 SuperMassive 9400\u00a0 \u2022 TZ500 \/ TZ500 Wireless
\n\u2022 NSa 9250\u00a0 \u2022 SuperMassive 9200\u00a0 \u2022 TZ400 \/ TZ400 Wireless
\n\u2022 NSa 6650\u00a0 \u2022 NSA 6600\u00a0 \u2022 TZ350 \/ TZ350 Wireless
\n\u2022 NSa 5650\u00a0 \u2022 NSA 5600\u00a0 \u2022 TZ300 \/ TZ300P \/ TZ300 Wireless
\n\u2022 NSa 4650\u00a0 \u2022 NSA 4600\u00a0 \u2022 SOHO 250 \/ SOHO 250 Wireless
\n\u2022 NSa 3650\u00a0 \u2022 NSA 3600\u00a0 \u2022 SOHO Wireless
\n\u2022 NSa 2650\u00a0 \u2022 NSA 2600<\/p>\n

Resolved issues in this release.<\/p>\n

Refer to SonicOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability. GEN6-3862<\/a>
\nRefer to Impact of OpenSSL Vulnerabilities Advisory Released on February 7, 2023. GEN6-3850<\/a>
\nRefer to Impact of OpenSSL Vulnerabilities Advisory Released on February 7, 2023. GEN6-3849<\/a>
\nDownloading signatures via proxy server when enabled was causing the download to occur only
\nthrough HTTP even for DEAG.
\nGEN6-3776
\nUnder certain conditions, an incorrect interface number could be internally used by SonicOS
\nwhich may result in a restart being triggered while reporting a related event over Syslog.
\nGEN6-3619
\nIn a rare race condition, SonicOS may encounter an error and restart while displaying the current
\nconfiguration in the CLI.
\nGEN6-3560
\nSonicOS error page content is spoofing a vulnerability. GEN6-3528
\nIn a corner case, NSM synchronization may sometimes trigger a SonicOS reboot. GEN6-3388
\nWhen using IE11, GUI pages for Firewall > Access Rules and Firewall > App Rules do not show
\nany content.
\nGEN6-3375
\nRADIUS authentication fails when configured to operate in \"Forced MSCHAPv2 mode\". GEN6-3354
\nScheduled backup to FTP server is not working correctly when long directory paths are
\nconfigured.
\nGEN6-3142<\/p>\n

Known issues in this release.<\/p>\n

VPN management access rule still exists when \"Disable auto-added VPN management rules\" is
\nenabled.
\nGEN6-2567
\nThe VLAN ID, when edited for a trunked port, reverts to the default setting after restarting the
\nfirewall or importing the settings.
\nGEN6-2557
\nUnder certain conditions SSLVPN IP leases cannot be released and may result in the IP pool being
\nexhausted. Logging out the users using the user status page will free up the IP addresses.
\nGEN6-2333
\nAn established IPSEC VPN tunnel intermittently fails in a NAT environment. GEN6-2296
\n10G interface goes down after configuring it as a dedicated uplink for a Sonicwall Switch due to
\nnegotiation issue.
\nWorkaround: Login to switch console and enable auto negotiation on the interface which went
\ndown.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

[English]Kleine Erinnerung f\u00fcr Administratoren, die Produkte von Sonic Wall verwenden. In SonicOS SSLVPN gibt es eine kritische Schwachstelle, die einem authentifizierten Angreifer erm\u00f6glicht, exzessive MFA-Codes zu verwenden. Die Schwachstelle CVE-2023-1101 hat von SonicWall am 28. M\u00e4rz 2023 den CVSS v3-Index … Weiterlesen →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,7459],"tags":[4328,3836],"class_list":["post-280224","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-software","tag-sicherheit","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/280224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=280224"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/280224\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=280224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=280224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=280224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}