CVE-2020-5141
12.10.2020, 11:15
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.Enginsight
| Vendor | Product | Version |
|---|---|---|
| sonicwall | sonicos | 𝑥 ≤ 5.9.1.13 |
| sonicwall | sonicos | 6.0.0.0 ≤ 𝑥 ≤ 6.0.5.3 |
| sonicwall | sonicos | 6.5.0.0 ≤ 𝑥 ≤ 6.5.1.11 |
| sonicwall | sonicos | 6.5.4.0 ≤ 𝑥 ≤ 6.5.4.7 |
| sonicwall | sonicos | 7.0.0.0 |
| sonicwall | sonicosv | 𝑥 ≤ 6.5.4.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-799 - Improper Control of Interaction FrequencyThe software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
- CWE-307 - Improper Restriction of Excessive Authentication AttemptsThe product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.