CVE-2023-6340 - Vulnerability Details - OpenCVE

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Sonicwall	Capture Client Netextender

Configuration 1 [-]

OR	cpe:2.3:a:sonicwall:capture_client::::::::
	cpe:2.3:a:sonicwall:netextender::::::windows::*

No data.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019

History

Wed, 11 Jun 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2024-01-17T23:57:06.142Z

Updated: 2025-06-11T16:40:22.236Z

Reserved: 2023-11-27T22:23:00.404Z

Link: CVE-2023-6340

Vulnrichment

Updated: 2024-08-02T08:28:21.581Z

NVD

Status : Modified

Published: 2024-01-18T00:15:38.080

Modified: 2025-06-11T17:15:38.727

Link: CVE-2023-6340

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6340", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2023-11-27T22:23:00.404Z", "datePublished": "2024-01-17T23:57:06.142Z", "dateUpdated": "2025-06-11T16:40:22.236Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Capture Client", "vendor": "SonicWall", "versions": [{"status": "affected", "version": "3.7.10 and earlier versions"}]}, {"defaultStatus": "unknown", "platforms": ["Windows", "64 bit", "32 bit"], "product": "NetExtender", "vendor": "SonicWall", "versions": [{"status": "affected", "version": "10.2.337 and earlier versions"}]}], "datePublic": "2024-01-17T07:27:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability."}], "value": "SonicWall Capture Client version 3.7.10,\u00a0NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2024-01-17T23:57:06.142Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:21.581Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T15:23:04.082962Z", "id": "CVE-2023-6340", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T16:40:22.236Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:28:21.581Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-6340", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T15:23:04.082962Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T15:24:03.412Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "affected": [{"vendor": "SonicWall", "product": "Capture Client", "versions": [{"status": "affected", "version": "3.7.10 and earlier versions"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "SonicWall", "product": "NetExtender", "versions": [{"status": "affected", "version": "10.2.337 and earlier versions"}], "platforms": ["Windows", "64 bit", "32 bit"], "defaultStatus": "unknown"}], "datePublic": "2024-01-17T07:27:00.000Z", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SonicWall Capture Client version 3.7.10,\u00a0NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.", "supportingMedia": [{"type": "text/html", "value": "SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2024-01-17T23:57:06.142Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6340", "state": "PUBLISHED", "dateUpdated": "2025-06-11T16:40:22.236Z", "dateReserved": "2023-11-27T22:23:00.404Z", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "datePublished": "2024-01-17T23:57:06.142Z", "assignerShortName": "sonicwall"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:capture_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EA62B9D-9A7C-447A-BA0C-5ECFF6C74515", "versionEndIncluding": "3.7.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BB83F5B1-CD28-4AC4-913C-48C0A7EE32FB", "versionEndIncluding": "10.2.337", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SonicWall Capture Client version 3.7.10,\u00a0NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability."}, {"lang": "es", "value": "SonicWall Capture Client versi\u00f3n 3.7.10, NetExtender client versi\u00f3n 10.2.337 y versiones anteriores se instalan con el controlador sfpmonitor.sys. Se ha descubierto que el controlador es vulnerable a la denegaci\u00f3n de servicio (DoS) causada por una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria."}], "id": "CVE-2023-6340", "lastModified": "2025-06-11T17:15:38.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-18T00:15:38.080", "references": [{"source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "PSIRT@sonicwall.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}