Vulnerability-Lookup

CVE-2023-5970 (GCVE-0-2023-5970)

Vulnerability from cvelistv5 – Published: 2023-12-05 20:20 – Updated: 2024-08-02 08:14

Summary

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

Severity ?

No CVSS data available.

CWE

CWE-287 - Improper Authentication

Assigner

sonicwall

References

URL

	Vendor	Product	Version
	SonicWall	SMA100	Affected: 10.2.1.9-57sv and earlier versions

FKIE_CVE-2023-5970

Vulnerability from fkie_nvd - Published: 2023-12-05 21:15 - Updated: 2024-11-21 08:42

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018	Vendor Advisory

Impacted products

Vendor	Product	Version
sonicwall	sma_200_firmware	*
sonicwall	sma_200	-
sonicwall	sma_210_firmware	*
sonicwall	sma_210	-
sonicwall	sma_400_firmware	*
sonicwall	sma_400	-
sonicwall	sma_410_firmware	*
sonicwall	sma_410	-
sonicwall	sma_500v_firmware	*
sonicwall	sma_500v	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4674E718-3642-4042-82DE-49B845CF2DC6",
              "versionEndIncluding": "10.2.1.9-57sv",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5990A44B-DD34-4B32-B233-9062902EBE9A",
              "versionEndIncluding": "10.2.1.9-57sv",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C82E099E-AAE1-4BD3-B0C0-38326201586C",
              "versionEndIncluding": "10.2.1.9-57sv",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E422E9C1-597B-468F-A634-23C54C1F7C74",
              "versionEndIncluding": "10.2.1.9-57sv",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70F00FF-A14D-40F3-9381-817542DE6A7D",
              "versionEndIncluding": "10.2.1.9-57sv",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass."
    },
    {
      "lang": "es",
      "value": "La autenticaci\u00f3n incorrecta en el portal de oficina virtual SMA100 SSL-VPN permite que un atacante autenticado remoto cree un usuario de dominio externo id\u00e9ntico utilizando caracteres acentuados, lo que resulta en una omisi\u00f3n de MFA."
    }
  ],
  "id": "CVE-2023-5970",
  "lastModified": "2024-11-21T08:42:53.403",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-05T21:15:07.667",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8W95-32FX-8C6H

Vulnerability from github – Published: 2023-12-05 21:31 – Updated: 2023-12-13 18:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-5970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-05T21:15:07Z",
    "severity": "HIGH"
  },
  "details": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.",
  "id": "GHSA-8w95-32fx-8c6h",
  "modified": "2023-12-13T18:30:59Z",
  "published": "2023-12-05T21:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5970"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-5970

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-5970

Aliases

CVE-2023-5970

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-5970",
    "id": "GSD-2023-5970"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-5970"
      ],
      "details": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.",
      "id": "GSD-2023-5970",
      "modified": "2023-12-13T01:20:51.205468Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT@sonicwall.com",
        "ID": "CVE-2023-5970",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SMA100",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "10.2.1.9-57sv and earlier versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SonicWall"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-287",
                "lang": "eng",
                "value": "CWE-287 Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018",
            "refsource": "MISC",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018"
          }
        ]
      },
      "source": {
        "advisory": "SNWLID-2023-0018",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4674E718-3642-4042-82DE-49B845CF2DC6",
                    "versionEndIncluding": "10.2.1.9-57sv",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5990A44B-DD34-4B32-B233-9062902EBE9A",
                    "versionEndIncluding": "10.2.1.9-57sv",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C82E099E-AAE1-4BD3-B0C0-38326201586C",
                    "versionEndIncluding": "10.2.1.9-57sv",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E422E9C1-597B-468F-A634-23C54C1F7C74",
                    "versionEndIncluding": "10.2.1.9-57sv",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B70F00FF-A14D-40F3-9381-817542DE6A7D",
                    "versionEndIncluding": "10.2.1.9-57sv",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass."
          },
          {
            "lang": "es",
            "value": "La autenticaci\u00f3n incorrecta en el portal de oficina virtual SMA100 SSL-VPN permite que un atacante autenticado remoto cree un usuario de dominio externo id\u00e9ntico utilizando caracteres acentuados, lo que resulta en una omisi\u00f3n de MFA."
          }
        ],
        "id": "CVE-2023-5970",
        "lastModified": "2023-12-13T15:32:02.247",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-12-05T21:15:07.667",
        "references": [
          {
            "source": "PSIRT@sonicwall.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018"
          }
        ],
        "sourceIdentifier": "PSIRT@sonicwall.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-287"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-287"
              }
            ],
            "source": "PSIRT@sonicwall.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

CERTFR-2023-AVI-0994

Vulnerability from certfr_avis - Published: 2023-12-05 - Updated: 2023-12-05

De multiples vulnérabilités ont été découvertes dans SonicWall SMA. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Sonicwall	Secure Mobile Access	SonicWall SSL-VPN SMA100 versions 10.x antérieures à 10.2.1.10-62sv

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-5970 (GCVE-0-2023-5970)

FKIE_CVE-2023-5970

GHSA-8W95-32FX-8C6H

GSD-2023-5970

CERTFR-2023-AVI-0994

Solution

Tags

Sightings

Nomenclature