[German]Reminder for administrators using Sonic Wall products. There is a critical vulnerability in SonicOS SSLVPN that allows an authenticated attacker to use excessive MFA codes. The vulnerability, CVE-2023-1101, received a CVSS v3 index of 4.3 from SonicWall on March 28, 2023 (see this post).
Advertising
Blog reader C.J. wrote two days ago the following in his mail "Sonicwall Firewalls new firmware for Gen6 – 6.5.4.12-101n" (thanks for the information; I translated the text):
Hello Günter,
in case it is interesting for your blog:
Sonicwall officially released a new firmware for Gen6 firewalls today. I didn't find more info than the PDF attached – and the following CVE-2023-1101.
There CVE-2023-1101 is listed with a CVSS v3.0 index of 8.8 (see following image). The SonicWall post here lists the affected products as well as the affected and the fixed versions of the software.
German magazine heise had already reported about this vulnerability in this article in March 2023. The PDF document sent by C. J. via mail describes SonicOS 6.5.4.12, which was released in April 2023. I'll extract the essential information from the release note.
SonicWall SonicOS 6.5.4.12 resolved key issues, which were found since the previous release. For more
information, refer to the Resolved Issues section.This release supports all the features and contains all the resolved issues found in previous SonicOS 6.5 releases.
SonicOS 6.5.4.12 is supported on the following SonicWall appliances:
• NSa 9650 • SuperMassive 9600 • TZ600 / TZ600P
• NSa 9450 • SuperMassive 9400 • TZ500 / TZ500 Wireless
• NSa 9250 • SuperMassive 9200 • TZ400 / TZ400 Wireless
• NSa 6650 • NSA 6600 • TZ350 / TZ350 Wireless
• NSa 5650 • NSA 5600 • TZ300 / TZ300P / TZ300 Wireless
• NSa 4650 • NSA 4600 • SOHO 250 / SOHO 250 Wireless
• NSa 3650 • NSA 3600 • SOHO Wireless
• NSa 2650 • NSA 2600Resolved issues in this release.
Refer to SonicOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability. GEN6-3862
Refer to Impact of OpenSSL Vulnerabilities Advisory Released on February 7, 2023. GEN6-3850
Refer to Impact of OpenSSL Vulnerabilities Advisory Released on February 7, 2023. GEN6-3849
Downloading signatures via proxy server when enabled was causing the download to occur only
through HTTP even for DEAG.
GEN6-3776
Under certain conditions, an incorrect interface number could be internally used by SonicOS
which may result in a restart being triggered while reporting a related event over Syslog.
GEN6-3619
In a rare race condition, SonicOS may encounter an error and restart while displaying the current
configuration in the CLI.
GEN6-3560
SonicOS error page content is spoofing a vulnerability. GEN6-3528
In a corner case, NSM synchronization may sometimes trigger a SonicOS reboot. GEN6-3388
When using IE11, GUI pages for Firewall > Access Rules and Firewall > App Rules do not show
any content.
GEN6-3375
RADIUS authentication fails when configured to operate in "Forced MSCHAPv2 mode". GEN6-3354
Scheduled backup to FTP server is not working correctly when long directory paths are
configured.
GEN6-3142Known issues in this release.
VPN management access rule still exists when "Disable auto-added VPN management rules" is
enabled.
GEN6-2567
The VLAN ID, when edited for a trunked port, reverts to the default setting after restarting the
firewall or importing the settings.
GEN6-2557
Under certain conditions SSLVPN IP leases cannot be released and may result in the IP pool being
exhausted. Logging out the users using the user status page will free up the IP addresses.
GEN6-2333
An established IPSEC VPN tunnel intermittently fails in a NAT environment. GEN6-2296
10G interface goes down after configuring it as a dedicated uplink for a Sonicwall Switch due to
negotiation issue.
Workaround: Login to switch console and enable auto negotiation on the interface which went
down.
Advertising
