CVE-2023-41712

Name of the Vulnerable Software and Affected Versions SonicOS (affected versions not specified)

Description The issue is related to a post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN "plainprefs.exp" URL endpoint. This vulnerability can be exploited by a remote attacker using a specially crafted HTTP request, leading to a denial of service and causing the firewall to crash. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the "plainprefs.exp" URL endpoint in the SSL VPN to minimize the risk of exploitation. Avoid using the vulnerable endpoint until the issue is resolved.