Vulnerabilities > CVE-2023-6340 - Out-of-bounds Write vulnerability in Sonicwall Capture Client and Netextender

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

sonicwall

CWE-787

NVD

Published: 2024-01-18

Updated: 2024-01-29

Summary

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Sonicwall Sonicwall Netextender - Sonicwall Netextender 7.5 Sonicwall Netextender 7.5.226 Sonicwall Netextender 7.5.227 Sonicwall Netextender 8.0 Sonicwall Netextender 8.0.236 Sonicwall Netextender 8.0.238 Sonicwall Netextender 9.0.815 Sonicwall Netextender 10.2.300 Sonicwall Netextender 10.2.322 Sonicwall Netextender 10.2.336 Sonicwall Netextender 10.2.337 Sonicwall Capture Client 3.5 Sonicwall Capture Client 3.7.10	14

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019