SonicWall Security Advisory: Stack-based Buffer Overflow Vulnerability
SonicWall Security Advisory: Recent Stack-based Buffer Overflow Vulnerability
SonicWall PSIRT has identified a critical Stack-based Buffer Overflow Vulnerability in Capture Client and NetExtender Software. We urge all users to take immediate action to address this security concern.
Vulnerability Details:
- Description: A Stack-based Buffer Overflow Vulnerability has been discovered in the sfpmonitor.sys driver, which is integral to the functioning of SonicWall Capture Client and NetExtender Software. This vulnerability arises in the method handling communication from applications, potentially exposing systems to unauthorized access.
- CVSS Score: 8.2 (high)
Affected Software Versions and Timeline:
| Software | Affected Versions | Timeline |
|---|---|---|
| Capture Client for Windows | 3.7.10 and earlier | Early Partner Notification: January 15, 2024 |
| NetExtender for Windows | 10.2.337 and earlier | Official Release Date: January 16, 2024 |
| Advisory ID: CVE-2023-6340 |
Immediate Action Required:
SonicWall strongly advises organizations using older firmware versions to follow the guidance provided by SonicWall PSIRT. Upgrade to the fixed versions outlined below to mitigate potential risks.
Risk Mitigation:
- Fixed Version for Capture Client: 3.7.11 for Windows
- Fixed Version for NetExtender: 10.2.338 for Windows
- Availability: January 16, 2024
No Evidence of Exploitation: SonicWall assures users that, as of the advisory release, there is no evidence that these vulnerabilities are being exploited in the wild.
How to Upgrade:
- SonicWall PSIRT Advisory: https://psirt.global.sonicwall.com/
- Capture Client Download: https://www.sonicwall.com/support/knowledge-base/how-to-download-and-install-capture-client/220509102745870
- NetExtender Download: https://www.sonicwall.com/support/knowledge-base/how-can-i-download-and-install-netextender-for-windows/170503561905844/
Don’t wait! Patching your systems now significantly reduces the risk of exploitation.
Stay Informed:
For the latest updates and additional resources, please monitor our official channels and communication platforms.
Note: Ignoring this advisory may expose your systems to potential security threats. SonicWall & CloudFence.ai is committed to ensuring the security of your digital infrastructure. Thank you for your prompt attention to this matter.
