SonicWall Family January 2024 1st Security Update Advisory

Overview

 

SonicWall (https://www.sonicwall.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Capture Client 3.7.10 and earlier versions

NetExtender Windows Client 10.2.337 (Windows 32 and 64 bit) and earlier versions

 

Resolved Vulnerabilities

 

Stack-based buffer overflow vulnerability in the sfpmonitor.sys driver in SonicWall Capture Client (CVE-2023-6340)
A stack-based buffer overflow occurs in a method of the sfpmonitor.sys driver that handles queries used to communicate with SonicWall Capture Client. An attacker could craft a specific query that overwrites kernel memory, causing a denial of service or potentially code execution on the target operating system.
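
The bug class described above, shown as an added illustration that is not SonicWall's driver code: a user-mode C model of a query handler that copies a caller-supplied payload into a fixed stack buffer, with the unchecked form beside a bounds-checked one. The function names, the query layout (4-byte length field followed by the payload) and the 64-byte buffer are assumptions, since the advisory does not publish the driver's internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QUERY_BUF 64u                 /* hypothetical fixed stack buffer size */
enum { Q_OK = 0, Q_TRUNCATED = -1, Q_TOO_LARGE = -2 };

/* Unsafe form, shown for contrast and never called: it trusts the
 * caller-supplied length, so a claimed length above QUERY_BUF writes past
 * `local` on the stack. */
int handle_query_unchecked(const uint8_t *in, uint32_t *sum) {
    uint8_t local[QUERY_BUF];
    uint32_t len;
    memcpy(&len, in, sizeof len);
    memcpy(local, in + sizeof len, len);          /* no bound on len */
    for (*sum = 0; len > 0; len--) *sum += local[len - 1];
    return Q_OK;
}

/* Hardened form: bound the claimed length by both the destination buffer
 * and the bytes actually received before copying anything. */
int handle_query_checked(const uint8_t *in, size_t in_len, uint32_t *sum) {
    uint8_t local[QUERY_BUF];
    uint32_t len;
    if (in == NULL || sum == NULL || in_len < sizeof len) return Q_TRUNCATED;
    memcpy(&len, in, sizeof len);
    if (len > sizeof local) return Q_TOO_LARGE;          /* would overflow */
    if (len > in_len - sizeof len) return Q_TRUNCATED;   /* would over-read */
    memcpy(local, in + sizeof len, len);
    for (*sum = 0; len > 0; len--) *sum += local[len - 1];
    return Q_OK;
}

/* Builds a constructed query (length field + payload of 0x01 bytes) and
 * returns the hardened handler's status for it. */
int demo(uint32_t claimed_len, size_t payload_bytes) {
    uint8_t msg[4 + 256] = {0};
    uint32_t sum = 0;
    if (payload_bytes > 256) payload_bytes = 256;
    memcpy(msg, &claimed_len, sizeof claimed_len);
    memset(msg + 4, 0x01, payload_bytes);
    return handle_query_checked(msg, 4 + payload_bytes, &sum);
}

int main(void) {
    printf("%d %d %d\n", demo(16, 16), demo(200, 200), demo(32, 8));
    return 0;
}
```

The second check matters as much as the first: a length that fits the buffer but exceeds the bytes received would read past the end of the input instead.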

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the January 17, 2024 update. For more information on vulnerability patches, please refer to the “FIXED SOFTWARE” section of the product-specific reference site documentation.

Capture Client 3.7.11 and later versions

NetExtender Windows Client 10.2.338 (Windows 32 and 64 bit) and later versions

 

Referenced Sites

 

[1] SFPMonitor.sys KOOB Write vulnerability

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019