CVE-2023-41715

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41715
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*
History

02 May 2025, 19:15

Type Values Removed Values Added
References (MISC) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 - Vendor Advisory () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 - Vendor Advisory

19 Oct 2023, 16:43

Type Values Removed Values Added
CPE cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*
CWE CWE-269
References (MISC) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 - (MISC) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
First Time Sonicwall tz 300p
Sonicwall nsv50
Sonicwall tz 400w
Sonicwall nsa 2650
Sonicwall nsv270
Sonicwall nsa 3600
Sonicwall sonicos
Sonicwall nsa 4650
Sonicwall nsa6700
Sonicwall nssp10700
Sonicwall tz 500w
Sonicwall nsv470
Sonicwall nsa 5600
Sonicwall nsa2700
Sonicwall tz 400
Sonicwall tz270w
Sonicwall nsv25
Sonicwall nsv400
Sonicwall nsv200
Sonicwall nsv1600
Sonicwall nsv800
Sonicwall nsv870
Sonicwall nsa4700
Sonicwall nsa 2600
Sonicwall nssp13700
Sonicwall nsa5700
Sonicwall tz570p
Sonicwall tz370w
Sonicwall nssp11700
Sonicwall nsa 4600
Sonicwall
Sonicwall nsa 5650
Sonicwall sm 9650
Sonicwall nsa 6650
Sonicwall tz270
Sonicwall nssp15700
Sonicwall tz670
Sonicwall sohow
Sonicwall tz470w
Sonicwall tz570
Sonicwall nsv100
Sonicwall tz 600p
Sonicwall tz 350
Sonicwall nsv300
Sonicwall sm 9450
Sonicwall soho 250
Sonicwall tz 300
Sonicwall soho 250w
Sonicwall nsv10
Sonicwall sm 9400
Sonicwall sm 9600
Sonicwall sm 9200
Sonicwall tz370
Sonicwall tz 500
Sonicwall tz 300w
Sonicwall tz470
Sonicwall nsa3700
Sonicwall tz 600
Sonicwall tz570w
Sonicwall nsa 3650
Sonicwall sm 9250
Sonicwall nsa 6600

18 Oct 2023, 01:28

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-17 23:15

Updated : 2025-05-02 19:15

NVD link : CVE-2023-41715

Mitre link : CVE-2023-41715

JSON object : View

Products Affected

sonicwall

  • tz670
  • sohow
  • nsv25
  • tz470w
  • nsa_5650
  • tz_300p
  • tz_400
  • nsv10
  • tz_400w
  • tz_500w
  • tz_600
  • sm_9250
  • soho_250w
  • nsv50
  • tz570
  • nsa_4600
  • nssp13700
  • nsa3700
  • nsv800
  • nssp15700
  • tz570p
  • sm_9450
  • nsa4700
  • nsa2700
  • nsv300
  • tz270
  • sm_9650
  • nsa6700
  • sm_9600
  • tz_350
  • tz_500
  • nsa_2600
  • nsa_6600
  • sm_9200
  • nssp11700
  • tz370w
  • sm_9400
  • tz_300
  • nssp10700
  • tz270w
  • nsv870
  • nsv1600
  • tz570w
  • tz470
  • nsa_3600
  • nsv100
  • nsv400
  • nsa_5600
  • nsa_3650
  • tz_600p
  • nsa_4650
  • soho_250
  • nsv200
  • nsa_2650
  • tz_300w
  • nsv270
  • nsa_6650
  • nsv470
  • nsa5700
  • tz370
  • sonicos
CWE
CWE-269

Improper Privilege Management