{"id":29481,"date":"2023-04-28T05:30:34","date_gmt":"2023-04-28T03:30:34","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=29481"},"modified":"2023-06-03T16:55:06","modified_gmt":"2023-06-03T14:55:06","slug":"sonicos-sslvpn-cve-2023-1101-at-mfa-new-firmware-for-gen6-firewalls-6-5-4-12-101n","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/04\/28\/sonicos-sslvpn-cve-2023-1101-at-mfa-new-firmware-for-gen6-firewalls-6-5-4-12-101n\/","title":{"rendered":"SonicOS SSLVPN: CVE-2023-1101 at MFA – new firmware for Gen6 firewalls (6.5.4.12-101n)"},"content":{"rendered":"

\"Sicherheit[German<\/a>]Reminder for administrators using Sonic Wall products. There is a critical vulnerability in SonicOS SSLVPN that allows an authenticated attacker to use excessive MFA codes. The vulnerability, CVE-2023-1101, received a CVSS v3 index of 4.3 from SonicWall on March 28, 2023 (see this post<\/a>).<\/p>\n

<\/p>\n

\"\"Blog reader C.J. wrote two days ago the following in his mail \"Sonicwall Firewalls new firmware for Gen6 – 6.5.4.12-101n\" (thanks for the information; I translated the text):<\/p>\n

Hello G\u00fcnter,<\/p>\n

in case it is interesting for your blog:<\/p>\n

Sonicwall officially released a new firmware for Gen6 firewalls today. I didn't find more info than the PDF attached – and the following CVE-2023-1101<\/a>.<\/p><\/blockquote>\n

There CVE-2023-1101<\/a> is listed with a CVSS v3.0 index of 8.8 (see following image). The SonicWall post here<\/a> lists the affected products as well as the affected and the fixed versions of the software.<\/p>\n

German magazine heise had already reported about this vulnerability in this article<\/a> in March 2023. The PDF document sent by C. J. via mail describes SonicOS 6.5.4.12, which was released in April 2023. I'll extract the essential information from the release note.<\/p>\n

SonicWall SonicOS 6.5.4.12 resolved key issues, which were found since the previous release. For more
\ninformation, refer to the Resolved Issues section.<\/p>\n

This release supports all the features and contains all the resolved issues found in previous SonicOS 6.5 releases.<\/p>\n

SonicOS 6.5.4.12 is supported on the following SonicWall appliances:<\/p>\n

\u2022 NSa 9650\u00a0 \u2022 SuperMassive 9600\u00a0 \u2022 TZ600 \/ TZ600P
\n\u2022 NSa 9450\u00a0 \u2022 SuperMassive 9400\u00a0 \u2022 TZ500 \/ TZ500 Wireless
\n\u2022 NSa 9250\u00a0 \u2022 SuperMassive 9200\u00a0 \u2022 TZ400 \/ TZ400 Wireless
\n\u2022 NSa 6650\u00a0 \u2022 NSA 6600\u00a0 \u2022 TZ350 \/ TZ350 Wireless
\n\u2022 NSa 5650\u00a0 \u2022 NSA 5600\u00a0 \u2022 TZ300 \/ TZ300P \/ TZ300 Wireless
\n\u2022 NSa 4650\u00a0 \u2022 NSA 4600\u00a0 \u2022 SOHO 250 \/ SOHO 250 Wireless
\n\u2022 NSa 3650\u00a0 \u2022 NSA 3600\u00a0 \u2022 SOHO Wireless
\n\u2022 NSa 2650\u00a0 \u2022 NSA 2600<\/p>\n

Resolved issues in this release.<\/p>\n

Refer to SonicOS SSLVPN Improper Restriction of Excessive MFA Attempts Vulnerability. GEN6-3862<\/a>
\nRefer to Impact of OpenSSL Vulnerabilities Advisory Released on February 7, 2023. GEN6-3850
\nRefer to Impact of OpenSSL Vulnerabilities Advisory Released on February 7, 2023. GEN6-3849
\nDownloading signatures via proxy server when enabled was causing the download to occur only
\nthrough HTTP even for DEAG.
\nGEN6-3776
\nUnder certain conditions, an incorrect interface number could be internally used by SonicOS
\nwhich may result in a restart being triggered while reporting a related event over Syslog.
\nGEN6-3619
\nIn a rare race condition, SonicOS may encounter an error and restart while displaying the current
\nconfiguration in the CLI.
\nGEN6-3560
\nSonicOS error page content is spoofing a vulnerability. GEN6-3528
\nIn a corner case, NSM synchronization may sometimes trigger a SonicOS reboot. GEN6-3388
\nWhen using IE11, GUI pages for Firewall > Access Rules and Firewall > App Rules do not show
\nany content.
\nGEN6-3375
\nRADIUS authentication fails when configured to operate in \"Forced MSCHAPv2 mode\". GEN6-3354
\nScheduled backup to FTP server is not working correctly when long directory paths are
\nconfigured.
\nGEN6-3142<\/p>\n

Known issues in this release.<\/p>\n

VPN management access rule still exists when \"Disable auto-added VPN management rules\" is
\nenabled.
\nGEN6-2567
\nThe VLAN ID, when edited for a trunked port, reverts to the default setting after restarting the
\nfirewall or importing the settings.
\nGEN6-2557
\nUnder certain conditions SSLVPN IP leases cannot be released and may result in the IP pool being
\nexhausted. Logging out the users using the user status page will free up the IP addresses.
\nGEN6-2333
\nAn established IPSEC VPN tunnel intermittently fails in a NAT environment. GEN6-2296
\n10G interface goes down after configuring it as a dedicated uplink for a Sonicwall Switch due to
\nnegotiation issue.
\nWorkaround: Login to switch console and enable auto negotiation on the interface which went
\ndown.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

[German]Reminder for administrators using Sonic Wall products. There is a critical vulnerability in SonicOS SSLVPN that allows an authenticated attacker to use excessive MFA codes. The vulnerability, CVE-2023-1101, received a CVSS v3 index of 4.3 from SonicWall on March 28, … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69],"class_list":["post-29481","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/29481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=29481"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/29481\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=29481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=29481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=29481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}