CVE-2023-41713 - Vulnerability Details

Description

SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.

Published: 2023-10-17

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SonicWall

SonicOS

unknown

Version	Status	Constraints
`7.0.1-5119 and earlier versions`	affected	—
`7.0.1-5129 and earlier versions`	affected	—
`6.5.4.4-44v-21-2079 and earlier versions`	affected	—
`6.5.4.12-101n and earlier versions`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp13700:-:::::::*
	cpe:2.3:h:sonicwall:nssp15700:-:::::::*
	cpe:2.3:h:sonicwall:nsv10:-:::::::*
	cpe:2.3:h:sonicwall:nsv100:-:::::::*
	cpe:2.3:h:sonicwall:nsv1600:-:::::::*
	cpe:2.3:h:sonicwall:nsv200:-:::::::*
	cpe:2.3:h:sonicwall:nsv25:-:::::::*
	cpe:2.3:h:sonicwall:nsv270:-:::::::*
	cpe:2.3:h:sonicwall:nsv300:-:::::::*
	cpe:2.3:h:sonicwall:nsv400:-:::::::*
	cpe:2.3:h:sonicwall:nsv470:-:::::::*
	cpe:2.3:h:sonicwall:nsv50:-:::::::*
	cpe:2.3:h:sonicwall:nsv800:-:::::::*
	cpe:2.3:h:sonicwall:nsv870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsv10:-:::::::*
	cpe:2.3:h:sonicwall:nsv100:-:::::::*
	cpe:2.3:h:sonicwall:nsv1600:-:::::::*
	cpe:2.3:h:sonicwall:nsv200:-:::::::*
	cpe:2.3:h:sonicwall:nsv25:-:::::::*
	cpe:2.3:h:sonicwall:nsv270:-:::::::*
	cpe:2.3:h:sonicwall:nsv300:-:::::::*
	cpe:2.3:h:sonicwall:nsv400:-:::::::*
	cpe:2.3:h:sonicwall:nsv470:-:::::::*
	cpe:2.3:h:sonicwall:nsv50:-:::::::*
	cpe:2.3:h:sonicwall:nsv800:-:::::::*
	cpe:2.3:h:sonicwall:nsv870:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-46205	SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00293.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012

History

No history.

Subscriptions

Sonicwall Nsa2700 Nsa3700 Nsa4700 Nsa5700 Nsa6700 Nsa 2600 Nsa 2650 Nsa 3600 Nsa 3650 Nsa 4600 Nsa 4650 Nsa 5600 Nsa 5650 Nsa 6600 Nsa 6650 Nssp10700 Nssp11700 Nssp13700 Nssp15700 Nsv10 Nsv100 Nsv1600 Nsv200 Nsv25 Nsv270 Nsv300 Nsv400 Nsv470 Nsv50 Nsv800 Nsv870 Sm 9200 Sm 9250 Sm 9400 Sm 9450 Sm 9600 Sm 9650 Soho 250 Soho 250w Sohow Sonicos Tz270 Tz270w Tz370 Tz370w Tz470 Tz470w Tz570 Tz570p Tz570w Tz670 Tz 300 Tz 300p Tz 300w Tz 350 Tz 400 Tz 400w Tz 500 Tz 500w Tz 600 Tz 600p

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2023-10-17T22:28:50.229Z

Updated: 2024-09-13T19:32:58.092Z

Reserved: 2023-08-30T17:07:28.452Z

Link: CVE-2023-41713

Vulnrichment

Updated: 2024-08-02T19:01:35.438Z

NVD

Status : Modified

Published: 2023-10-17T23:15:12.160

Modified: 2024-11-21T08:21:31.807

Link: CVE-2023-41713

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object