CVE-2023-1101

Summary

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicOSSonicOS 6.5.4.11-97n and earlieraffected
SonicWallSonicOSSonicOS NSv 6.5.4.4-44v-21-1551 and earlieraffected
SonicWallSonicOSSonicOS NSsp 7.0.1-5083 and earlieraffected
SonicWallSonicOSSonicOS 7.0.1-5095 and earlieraffected

Weaknesses

  • CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References