cvelistv5 - cve-2020-5136

CVE-2020-5136 (GCVE-0-2020-5136)

Vulnerability from cvelistv5 – Published: 2020-10-12 10:40 – Updated: 2024-08-04 08:22

Summary

Severity ?

No CVSS data available.

CWE

CWE-120 - Buffer Copy without Checking Size of Input

Assigner

sonicwall

References

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SN…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Affected: SonicOS 6.5.4.7-79n and earlier Affected: SonicOS 5.9.1.7-2n and earlier Affected: SonicOS 5.9.1.13-5n and earlier Affected: SonicOS 6.5.1.11-4n and earlier Affected: SonicOS 6.0.5.3-93o and earlier Affected: SonicOSv 6.5.4.4-44v-21-794 and earlier Affected: SonicOS 7.0.0.0-1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:08.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "SonicOS 6.5.4.7-79n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 5.9.1.7-2n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 5.9.1.13-5n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 6.5.1.11-4n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 6.0.5.3-93o and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 7.0.0.0-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-12T10:40:29",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2020-5136",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SonicOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SonicOS 6.5.4.7-79n and earlier"
                          },
                          {
                            "version_value": "SonicOS 5.9.1.7-2n and earlier"
                          },
                          {
                            "version_value": "SonicOS 5.9.1.13-5n and earlier"
                          },
                          {
                            "version_value": "SonicOS 6.5.1.11-4n and earlier"
                          },
                          {
                            "version_value": "SonicOS 6.0.5.3-93o and earlier"
                          },
                          {
                            "version_value": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
                          },
                          {
                            "version_value": "SonicOS 7.0.0.0-1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SonicWall"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120: Buffer Copy without Checking Size of Input"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2020-5136",
    "datePublished": "2020-10-12T10:40:29",
    "dateReserved": "2019-12-31T00:00:00",
    "dateUpdated": "2024-08-04T08:22:08.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.9.1.13\", \"matchCriteriaId\": \"FF2C3009-7B05-41B3-849E-DFBB8C79968D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0.0\", \"versionEndIncluding\": \"6.0.5.3\", \"matchCriteriaId\": \"0A2C8637-5089-4B5A-8458-67D097CF5BEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.5.0.0\", \"versionEndIncluding\": \"6.5.1.11\", \"matchCriteriaId\": \"08DF961E-08DD-47EC-9AB1-3A3FF79E1F7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.5.4.0\", \"versionEndIncluding\": \"6.5.4.7\", \"matchCriteriaId\": \"8302038F-FA49-4CF2-B064-3EE1103B99F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05C0300F-44AB-482C-BA6D-B9F2ED77037A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.5.4.4\", \"matchCriteriaId\": \"8BBB86A1-803B-4B76-BF3D-4A9BCC5AD302\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de desbordamiento del b\\u00fafer en SonicOS, permite a un atacante autenticado causar una Denegaci\\u00f3n de Servicio (DoS) en el portal de SSL-VPN y virtual assist, lo que conlleva a un bloqueo del firewall. Esta vulnerabilidad afect\\u00f3 a SonicOS Gen 5 versiones 5.9.1.7, 5.9.1.13, Gen 6 versiones 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv versi\\u00f3n 6.5.4.v y Gen 7 versi\\u00f3n 7.0.0.0\"}]",
      "id": "CVE-2020-5136",
      "lastModified": "2024-11-21T05:33:36.643",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:P\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-10-12T11:15:12.827",
      "references": "[{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011\", \"source\": \"PSIRT@sonicwall.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "PSIRT@sonicwall.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"PSIRT@sonicwall.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5136\",\"sourceIdentifier\":\"PSIRT@sonicwall.com\",\"published\":\"2020-10-12T11:15:12.827\",\"lastModified\":\"2024-11-21T05:33:36.643\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de desbordamiento del b\u00fafer en SonicOS, permite a un atacante autenticado causar una Denegaci\u00f3n de Servicio (DoS) en el portal de SSL-VPN y virtual assist, lo que conlleva a un bloqueo del firewall. Esta vulnerabilidad afect\u00f3 a SonicOS Gen 5 versiones 5.9.1.7, 5.9.1.13, Gen 6 versiones 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv versi\u00f3n 6.5.4.v y Gen 7 versi\u00f3n 7.0.0.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"PSIRT@sonicwall.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.9.1.13\",\"matchCriteriaId\":\"FF2C3009-7B05-41B3-849E-DFBB8C79968D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0.0\",\"versionEndIncluding\":\"6.0.5.3\",\"matchCriteriaId\":\"0A2C8637-5089-4B5A-8458-67D097CF5BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.0.0\",\"versionEndIncluding\":\"6.5.1.11\",\"matchCriteriaId\":\"08DF961E-08DD-47EC-9AB1-3A3FF79E1F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.4.0\",\"versionEndIncluding\":\"6.5.4.7\",\"matchCriteriaId\":\"8302038F-FA49-4CF2-B064-3EE1103B99F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05C0300F-44AB-482C-BA6D-B9F2ED77037A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.5.4.4\",\"matchCriteriaId\":\"8BBB86A1-803B-4B76-BF3D-4A9BCC5AD302\"}]}]}],\"references\":[{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011\",\"source\":\"PSIRT@sonicwall.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2020-5136

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5136

Aliases

CVE-2020-5136

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5136",
    "description": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.",
    "id": "GSD-2020-5136"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5136"
      ],
      "details": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.",
      "id": "GSD-2020-5136",
      "modified": "2023-12-13T01:22:03.220552Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT@sonicwall.com",
        "ID": "CVE-2020-5136",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SonicOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SonicOS 6.5.4.7-79n and earlier"
                        },
                        {
                          "version_value": "SonicOS 5.9.1.7-2n and earlier"
                        },
                        {
                          "version_value": "SonicOS 5.9.1.13-5n and earlier"
                        },
                        {
                          "version_value": "SonicOS 6.5.1.11-4n and earlier"
                        },
                        {
                          "version_value": "SonicOS 6.0.5.3-93o and earlier"
                        },
                        {
                          "version_value": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
                        },
                        {
                          "version_value": "SonicOS 7.0.0.0-1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SonicWall"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-120: Buffer Copy without Checking Size of Input"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.9.1.13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.5.3",
                "versionStartIncluding": "6.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.1.11",
                "versionStartIncluding": "6.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.4.7",
                "versionStartIncluding": "6.5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.4.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2020-5136"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-10-23T00:53Z",
      "publishedDate": "2020-10-12T11:15Z"
    }
  }
}

FKIE_CVE-2020-5136

Vulnerability from fkie_nvd - Published: 2020-10-12 11:15 - Updated: 2024-11-21 05:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011	Vendor Advisory

Impacted products

Vendor	Product	Version
sonicwall	sonicos	*
sonicwall	sonicos	*
sonicwall	sonicos	*
sonicwall	sonicos	*
sonicwall	sonicos	7.0.0.0
sonicwall	sonicosv	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2C3009-7B05-41B3-849E-DFBB8C79968D",
              "versionEndIncluding": "5.9.1.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2C8637-5089-4B5A-8458-67D097CF5BEA",
              "versionEndIncluding": "6.0.5.3",
              "versionStartIncluding": "6.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08DF961E-08DD-47EC-9AB1-3A3FF79E1F7A",
              "versionEndIncluding": "6.5.1.11",
              "versionStartIncluding": "6.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8302038F-FA49-4CF2-B064-3EE1103B99F1",
              "versionEndIncluding": "6.5.4.7",
              "versionStartIncluding": "6.5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C0300F-44AB-482C-BA6D-B9F2ED77037A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBB86A1-803B-4B76-BF3D-4A9BCC5AD302",
              "versionEndIncluding": "6.5.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desbordamiento del b\u00fafer en SonicOS, permite a un atacante autenticado causar una Denegaci\u00f3n de Servicio (DoS) en el portal de SSL-VPN y virtual assist, lo que conlleva a un bloqueo del firewall. Esta vulnerabilidad afect\u00f3 a SonicOS Gen 5 versiones 5.9.1.7, 5.9.1.13, Gen 6 versiones 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv versi\u00f3n 6.5.4.v y Gen 7 versi\u00f3n 7.0.0.0"
    }
  ],
  "id": "CVE-2020-5136",
  "lastModified": "2024-11-21T05:33:36.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-12T11:15:12.827",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-85R9-8Q36-5HM5

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5136"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-12T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.",
  "id": "GHSA-85r9-8q36-5hm5",
  "modified": "2022-05-24T17:30:32Z",
  "published": "2022-05-24T17:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5136"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-28765

Vulnerability from cnvd - Published: 2021-04-16

Title

SonicWALL SonicOS缓冲区溢出漏洞（CNVD-2021-28765）

Description

SonicOS是SonicWALL公司的专有操作系统，是SonicWALL防火墙设备的固件。 SonicWALL SonicOS存在缓冲区溢出漏洞，攻击者可利用该漏洞导致SSL-VPN和拟助手门户拒绝服务，从而可导致防火墙崩溃。

Severity

中

Patch Name

SonicWALL SonicOS缓冲区溢出漏洞（CNVD-2021-28765）的补丁

Patch Description

SonicOS是SonicWALL公司的专有操作系统，是SonicWALL防火墙设备的固件。 SonicWALL SonicOS存在缓冲区溢出漏洞，攻击者可利用该漏洞导致SSL-VPN和拟助手门户拒绝服务，从而可导致防火墙崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-5136

Impacted products

Name
['SonicWALL SonicOS <=6.5.1.11-4n', 'SonicWALL SonicOS <=6.0.5.3-93o', 'SonicWALL SonicOS <=6.5.4.4-44v-21-794', 'SonicWall SonicOS <=6.5.4.6-79n', 'SonicWall SonicOS <=5.9.1.7-2o', 'SonicWall SonicOS <=5.9.1.13-5o']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5136",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-5136"
    }
  },
  "description": "SonicOS\u662fSonicWALL\u516c\u53f8\u7684\u4e13\u6709\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662fSonicWALL\u9632\u706b\u5899\u8bbe\u5907\u7684\u56fa\u4ef6\u3002\n\nSonicWALL SonicOS\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4SSL-VPN\u548c\u62df\u52a9\u624b\u95e8\u6237\u62d2\u7edd\u670d\u52a1\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u9632\u706b\u5899\u5d29\u6e83\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28765",
  "openTime": "2021-04-16",
  "patchDescription": "SonicOS\u662fSonicWALL\u516c\u53f8\u7684\u4e13\u6709\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662fSonicWALL\u9632\u706b\u5899\u8bbe\u5907\u7684\u56fa\u4ef6\u3002\r\n\r\nSonicWALL SonicOS\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4SSL-VPN\u548c\u62df\u52a9\u624b\u95e8\u6237\u62d2\u7edd\u670d\u52a1\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u9632\u706b\u5899\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SonicWALL SonicOS\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-28765\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SonicWALL SonicOS \u003c=6.5.1.11-4n",
      "SonicWALL SonicOS \u003c=6.0.5.3-93o",
      "SonicWALL SonicOS \u003c=6.5.4.4-44v-21-794",
      "SonicWall SonicOS \u003c=6.5.4.6-79n",
      "SonicWall SonicOS \u003c=5.9.1.7-2o",
      "SonicWall SonicOS \u003c=5.9.1.13-5o"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-5136",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-13",
  "title": "SonicWALL SonicOS\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-28765\uff09"
}

VAR-202010-1188

Vulnerability from variot - Updated: 2023-12-18 12:49

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. SonicOS Contains a classic buffer overflow vulnerability.Denial of service (DoS) It may be put into a state. SonicWall SonicOS is a set of operating system specially designed for SonicWall firewall equipment of SonicWall Company in the United States. SonicOS has a buffer error vulnerability. v and seventh generation version 7.0.0.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1188",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sonicos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.4.0"
      },
      {
        "model": "sonicos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.0.0"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.1.11"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.0.5.3"
      },
      {
        "model": "sonicosv",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.4.4"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.4.7"
      },
      {
        "model": "sonicos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "7.0.0.0"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "5.9.1.13"
      },
      {
        "model": "sonicos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.0.0.0"
      },
      {
        "model": "sonicos",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sonicosv",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5136"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.9.1.13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.5.3",
                "versionStartIncluding": "6.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.1.11",
                "versionStartIncluding": "6.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.4.7",
                "versionStartIncluding": "6.5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.4.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5136"
      }
    ]
  },
  "cve": "CVE-2020-5136",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-5136",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-183261",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-5136",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-5136",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202010-422",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-183261",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-5136",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183261"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. SonicOS Contains a classic buffer overflow vulnerability.Denial of service (DoS) It may be put into a state. SonicWall SonicOS is a set of operating system specially designed for SonicWall firewall equipment of SonicWall Company in the United States. SonicOS has a buffer error vulnerability. v and seventh generation version 7.0.0.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "db": "VULHUB",
        "id": "VHN-183261"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5136"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-5136",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-422",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-183261",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5136",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183261"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ]
  },
  "id": "VAR-202010-1188",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183261"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:49:29.478000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SNWLID-2020-0011",
        "trust": 0.8,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0011"
      },
      {
        "title": "SonicWall SonicOS Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129917"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.1
      },
      {
        "problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5136"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0011"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5136"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/120.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183261"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-183261"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-183261"
      },
      {
        "date": "2020-10-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5136"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "date": "2020-10-12T11:15:12.827000",
        "db": "NVD",
        "id": "CVE-2020-5136"
      },
      {
        "date": "2020-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-183261"
      },
      {
        "date": "2020-10-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5136"
      },
      {
        "date": "2021-05-10T05:45:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      },
      {
        "date": "2020-10-23T00:53:35.733000",
        "db": "NVD",
        "id": "CVE-2020-5136"
      },
      {
        "date": "2020-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SonicOS\u00a0 Buffer Overflow Vulnerability in Linux",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012475"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-422"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2020-AVI-651

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Sonicwall SonicOS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Sonicwall	SonicOS	SonicOS 6.5.1.x versions antérieures à 6.5.1.12-1n
Sonicwall	SonicOS	Gen 7 versions antérieures à 7.0.0.0-2
Sonicwall	SonicOS	SonicOS 6.5.4.x versions antérieures à 6.5.4.7-83n
Sonicwall	SonicOS	SonicOS 5.9.x versions antérieures à 5.9.2.13-7n
Sonicwall	SonicOS	SonicOS 6.0.x versions antérieures à 6.0.5.3-94o
Sonicwall	SonicOS	SonicOS 6.5.4.v versions antérieures à 6.5.4.v-21s-987

References

Title

Publication Time

Tags

Bulletin de sécurité Sonicwall SNWLID-2020-0009 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0013 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0011 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0016 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0012 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0015 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0018 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0017 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0008 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0010 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0014 du 12 octobre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SonicOS 6.5.1.x versions ant\u00e9rieures \u00e0 6.5.1.12-1n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "Gen 7 versions ant\u00e9rieures \u00e0 7.0.0.0-2",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.5.4.x versions ant\u00e9rieures \u00e0 6.5.4.7-83n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 5.9.x versions ant\u00e9rieures \u00e0 5.9.2.13-7n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.0.x versions ant\u00e9rieures \u00e0 6.0.5.3-94o",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.5.4.v versions ant\u00e9rieures \u00e0 6.5.4.v-21s-987",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5138"
    },
    {
      "name": "CVE-2020-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5142"
    },
    {
      "name": "CVE-2020-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5140"
    },
    {
      "name": "CVE-2020-5133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5133"
    },
    {
      "name": "CVE-2020-5143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5143"
    },
    {
      "name": "CVE-2020-5136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5136"
    },
    {
      "name": "CVE-2020-5137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5137"
    },
    {
      "name": "CVE-2020-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5134"
    },
    {
      "name": "CVE-2020-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5141"
    },
    {
      "name": "CVE-2020-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5135"
    },
    {
      "name": "CVE-2020-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5139"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-651",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Sonicwall SonicOS.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Sonicwall SonicOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0009 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0013 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0013"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0011 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0016 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0012 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0012"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0015 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0015"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0018 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0017 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0008 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0008"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0010 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0014 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014"
    }
  ]
}

CERTFR-2020-AVI-651

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Sonicwall	SonicOS	SonicOS 6.5.1.x versions antérieures à 6.5.1.12-1n
Sonicwall	SonicOS	Gen 7 versions antérieures à 7.0.0.0-2
Sonicwall	SonicOS	SonicOS 6.5.4.x versions antérieures à 6.5.4.7-83n
Sonicwall	SonicOS	SonicOS 5.9.x versions antérieures à 5.9.2.13-7n
Sonicwall	SonicOS	SonicOS 6.0.x versions antérieures à 6.0.5.3-94o
Sonicwall	SonicOS	SonicOS 6.5.4.v versions antérieures à 6.5.4.v-21s-987

References

Title

Publication Time

Tags

Bulletin de sécurité Sonicwall SNWLID-2020-0009 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0013 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0011 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0016 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0012 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0015 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0018 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0017 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0008 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0010 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0014 du 12 octobre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SonicOS 6.5.1.x versions ant\u00e9rieures \u00e0 6.5.1.12-1n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "Gen 7 versions ant\u00e9rieures \u00e0 7.0.0.0-2",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.5.4.x versions ant\u00e9rieures \u00e0 6.5.4.7-83n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 5.9.x versions ant\u00e9rieures \u00e0 5.9.2.13-7n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.0.x versions ant\u00e9rieures \u00e0 6.0.5.3-94o",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.5.4.v versions ant\u00e9rieures \u00e0 6.5.4.v-21s-987",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5138"
    },
    {
      "name": "CVE-2020-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5142"
    },
    {
      "name": "CVE-2020-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5140"
    },
    {
      "name": "CVE-2020-5133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5133"
    },
    {
      "name": "CVE-2020-5143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5143"
    },
    {
      "name": "CVE-2020-5136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5136"
    },
    {
      "name": "CVE-2020-5137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5137"
    },
    {
      "name": "CVE-2020-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5134"
    },
    {
      "name": "CVE-2020-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5141"
    },
    {
      "name": "CVE-2020-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5135"
    },
    {
      "name": "CVE-2020-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5139"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-651",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Sonicwall SonicOS.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Sonicwall SonicOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0009 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0013 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0013"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0011 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0016 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0012 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0012"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0015 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0015"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0018 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0017 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0008 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0008"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0010 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0014 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5136 (GCVE-0-2020-5136)

GSD-2020-5136

FKIE_CVE-2020-5136

GHSA-85R9-8Q36-5HM5

CNVD-2021-28765

VAR-202010-1188

CERTFR-2020-AVI-651

Solution

CERTFR-2020-AVI-651

Solution

Tags

Sightings

Nomenclature