Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.
The vulnerability stems from the use of a format string controlled by external input (Use of Externally-Controlled Format String, CWE-134). An attacker can send a specially crafted request to the SSL VPN interface without needing to have authentication. Improper processing of the format string by the vulnerable function can lead to service disruption.
An attacker can cause disruption or unavailability of the SSL VPN service on the device (denial of service attack). The CVSS vector also indicates potential impact on data confidentiality and integrity.
Patches available from the manufacturer should be applied according to the references (https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013). Until the fix is deployed, it is recommended to restrict access to the SSL VPN interface only to trusted IP addresses and monitor anomalies in traffic directed to this interface.
SonicWall NSSP 13700, SonicWall NSA 2700, SonicWall NSV 270, SonicWall NSV 870, SonicWall NSA 4700 with SonicOS software containing the vulnerable SSL VPN interface; specific versions indicated in the manufacturer's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSonicwall Nsa 2700
HWSonicwallwszystkie wersjeSonicwall Nsa 3700
HWSonicwallwszystkie wersjeSonicwall Nsa 4700
HWSonicwallwszystkie wersjeSonicwall Nsa 5700
HWSonicwallwszystkie wersjeSonicwall Nsa 6700
HWSonicwallwszystkie wersjeSonicwall Nssp 10700
HWSonicwallwszystkie wersjeSonicwall Nssp 11700
HWSonicwallwszystkie wersjeSonicwall Nssp 13700
HWSonicwallwszystkie wersjeSonicwall Nssp 15700
HWSonicwallwszystkie wersjeSonicwall Nsv270
HWSonicwallwszystkie wersjeSonicwall Nsv470
HWSonicwallwszystkie wersjeSonicwall Nsv870
HWSonicwallwszystkie wersjeSonicwall Sonicos
OSSonicwall7.1.1-7040 – 7.3.0-7012 (bez)Sonicwall Tz270
HWSonicwallwszystkie wersjeSonicwall Tz270w
HWSonicwallwszystkie wersjeSonicwall Tz370
HWSonicwallwszystkie wersjeSonicwall Tz370w
HWSonicwallwszystkie wersjeSonicwall Tz470
HWSonicwallwszystkie wersjeSonicwall Tz470w
HWSonicwallwszystkie wersjeSonicwall Tz570
HWSonicwallwszystkie wersjeSonicwall Tz570p
HWSonicwallwszystkie wersjeSonicwall Tz570w
HWSonicwallwszystkie wersjeSonicwall Tz670
HWSonicwallwszystkie wersje
Related vulnerabilities
SonicWall SonicOS SSLVPN — pominięcie uwierzytelnienia (Auth Bypass)
Nieprawidłowa kontrola dostępu w SonicWall SonicOS — RCE i crash firewalla
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and poten...
Atak przez fałszowanie odpowiedzi w protokole RADIUS (RFC 2865) via kolizja MD5
Pominięcie uwierzytelnienia w SonicWall SonicOS SSL-VPN (auth bypass)