Details of VAR-202312-0929

ID

VAR-202312-0929

CVE

CVE-2023-5970

TITLE

plural SonicWALL Product certification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-019948

DESCRIPTION

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass. SMA200 firmware, SMA210 firmware, SMA400 firmware etc. SonicWALL The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-5970 // JVNDB: JVNDB-2023-019948

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma 200	scope:	lte	version:	10.2.1.9-57sv	Trust: 1.0
vendor:	sonicwall	model:	sma 400	scope:	lte	version:	10.2.1.9-57sv	Trust: 1.0
vendor:	sonicwall	model:	sma 500v	scope:	lte	version:	10.2.1.9-57sv	Trust: 1.0
vendor:	sonicwall	model:	sma 410	scope:	lte	version:	10.2.1.9-57sv	Trust: 1.0
vendor:	sonicwall	model:	sma 210	scope:	lte	version:	10.2.1.9-57sv	Trust: 1.0
vendor:	sonicwall	model:	sma500v	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma200	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma400	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma410	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sma210	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-019948 // NVD: CVE-2023-5970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-5970
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-5970
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-5970
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-5970
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-019948 // NVD: CVE-2023-5970

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-019948 // NVD: CVE-2023-5970

EXTERNAL IDS

db:	NVD	id:	CVE-2023-5970	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-019948	Trust: 0.8

sources: JVNDB: JVNDB-2023-019948 // NVD: CVE-2023-5970

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2023-0018	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-5970	Trust: 0.8

sources: JVNDB: JVNDB-2023-019948 // NVD: CVE-2023-5970

SOURCES

db:	JVNDB	id:	JVNDB-2023-019948
db:	NVD	id:	CVE-2023-5970

LAST UPDATE DATE

2024-08-14T15:10:24.868000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-019948	date:	2024-01-15T05:57:00
db:	NVD	id:	CVE-2023-5970	date:	2023-12-13T15:32:02.247

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-019948	date:	2024-01-15T00:00:00
db:	NVD	id:	CVE-2023-5970	date:	2023-12-05T21:15:07.667