CVE-2023-1101 : SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allo

Products affected by CVE-2023-1101

Sonicwall » Sonicos
Versions up to, including, (<=) 6.5.4.11-97n
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Nsa 2600 » Version: N/A
When used together with: Sonicwall » Nsa 2650 » Version: N/A
When used together with: Sonicwall » Nsa 3600 » Version: N/A
When used together with: Sonicwall » Nsa 3650 » Version: N/A
When used together with: Sonicwall » Nsa 4600 » Version: N/A
When used together with: Sonicwall » Nsa 4650 » Version: N/A
When used together with: Sonicwall » Nsa 5600 » Version: N/A
When used together with: Sonicwall » Nsa 5650 » Version: N/A
When used together with: Sonicwall » Nsa 6600 » Version: N/A
When used together with: Sonicwall » Nsa 6650 » Version: N/A
When used together with: Sonicwall » Nsa 9250 » Version: N/A
When used together with: Sonicwall » Nsa 9450 » Version: N/A
When used together with: Sonicwall » Nsa 9650 » Version: N/A
When used together with: Sonicwall » Nssp12400 » Version: N/A
When used together with: Sonicwall » Nssp12800 » Version: N/A
When used together with: Sonicwall » Sm10200 » Version: N/A
When used together with: Sonicwall » Sm10400 » Version: N/A
When used together with: Sonicwall » Sm10800 » Version: N/A
When used together with: Sonicwall » Sm9200 » Version: N/A
When used together with: Sonicwall » Sm9400 » Version: N/A
When used together with: Sonicwall » Sm9600 » Version: N/A
When used together with: Sonicwall » Sm9800 » Version: N/A
When used together with: Sonicwall » Soho 250 » Version: N/A
When used together with: Sonicwall » Soho 250w » Version: N/A
When used together with: Sonicwall » Sohow » Version: N/A
When used together with: Sonicwall » Tz300 » Version: N/A
When used together with: Sonicwall » Tz300p » Version: N/A
When used together with: Sonicwall » Tz300w » Version: N/A
When used together with: Sonicwall » Tz350 » Version: N/A
When used together with: Sonicwall » Tz350w » Version: N/A
When used together with: Sonicwall » Tz400 » Version: N/A
When used together with: Sonicwall » Tz400w » Version: N/A
When used together with: Sonicwall » Tz500 » Version: N/A
When used together with: Sonicwall » Tz500w » Version: N/A
When used together with: Sonicwall » Tz600 » Version: N/A
When used together with: Sonicwall » Tz600p » Version: N/A
Sonicwall » Sonicos
Versions before (<) 7.0.1-5111
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Nsa 2700 » Version: N/A
When used together with: Sonicwall » Nsa 3700 » Version: N/A
When used together with: Sonicwall » Nsa 4700 » Version: N/A
When used together with: Sonicwall » Nsa 5700 » Version: N/A
When used together with: Sonicwall » Nsa 6700 » Version: N/A
When used together with: Sonicwall » Nssp 10700 » Version: N/A
When used together with: Sonicwall » Nssp 11700 » Version: N/A
When used together with: Sonicwall » Nssp 13700 » Version: N/A
When used together with: Sonicwall » Nsv 270 » Version: N/A
When used together with: Sonicwall » Nsv 470 » Version: N/A
When used together with: Sonicwall » Nsv 870 » Version: N/A
When used together with: Sonicwall » Tz270 » Version: N/A
When used together with: Sonicwall » Tz270w » Version: N/A
When used together with: Sonicwall » Tz370 » Version: N/A
When used together with: Sonicwall » Tz370w » Version: N/A
When used together with: Sonicwall » Tz470 » Version: N/A
When used together with: Sonicwall » Tz470w » Version: N/A
When used together with: Sonicwall » Tz570 » Version: N/A
When used together with: Sonicwall » Tz570p » Version: N/A
When used together with: Sonicwall » Tz570w » Version: N/A
When used together with: Sonicwall » Tz670 » Version: N/A
Sonicwall » Sonicos
Versions up to, including, (<=) 6.5.4.4-44v-21-1551
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Nsv 10 » Version: N/A
When used together with: Sonicwall » Nsv 100 » Version: N/A
When used together with: Sonicwall » Nsv 1600 » Version: N/A
When used together with: Sonicwall » Nsv 200 » Version: N/A
When used together with: Sonicwall » Nsv 25 » Version: N/A
When used together with: Sonicwall » Nsv 300 » Version: N/A
When used together with: Sonicwall » Nsv 400 » Version: N/A
When used together with: Sonicwall » Nsv 50 » Version: N/A
When used together with: Sonicwall » Nsv 800 » Version: N/A
Sonicwall » Sonicos
Versions up to, including, (<=) 7.0.1-5083
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Sonicwall » Nssp 15700 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-1101

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 46 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-1101

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-03-07
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-1101

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Primary)
- nvd@nist.gov (Secondary)
- PSIRT@sonicwall.com (Primary)

References for CVE-2023-1101

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0005

Vendor Advisory

Vulnerability Details : CVE-2023-1101

Products affected by CVE-2023-1101

Exploit prediction scoring system (EPSS) score for CVE-2023-1101

CVSS scores for CVE-2023-1101

CWE ids for CVE-2023-1101

References for CVE-2023-1101