cvelistv5 - cve-2020-5141

CVE-2020-5141 (GCVE-0-2020-5141)

Vulnerability from cvelistv5 – Published: 2020-10-12 10:40 – Updated: 2024-08-04 08:22

Summary

Severity ?

No CVSS data available.

CWE

CWE-799 - Improper Control of Interaction Frequency

Assigner

sonicwall

References

URL

Tags

https://psirt.global.sonicwall.com/vuln-detail/SN…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	SonicWall	SonicOS	Affected: SonicOS 6.5.4.7-79n and earlier Affected: SonicOS 5.9.1.7-2n and earlier Affected: SonicOS 5.9.1.13-5n and earlier Affected: SonicOS 6.5.1.11-4n and earlier Affected: SonicOS 6.0.5.3-93o and earlier Affected: SonicOSv 6.5.4.4-44v-21-794 and earlier Affected: SonicOS 7.0.0.0-1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:08.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SonicOS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "SonicOS 6.5.4.7-79n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 5.9.1.7-2n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 5.9.1.13-5n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 6.5.1.11-4n and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 6.0.5.3-93o and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
            },
            {
              "status": "affected",
              "version": "SonicOS 7.0.0.0-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-799",
              "description": "CWE-799: Improper Control of Interaction Frequency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-12T10:40:31",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2020-5141",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SonicOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SonicOS 6.5.4.7-79n and earlier"
                          },
                          {
                            "version_value": "SonicOS 5.9.1.7-2n and earlier"
                          },
                          {
                            "version_value": "SonicOS 5.9.1.13-5n and earlier"
                          },
                          {
                            "version_value": "SonicOS 6.5.1.11-4n and earlier"
                          },
                          {
                            "version_value": "SonicOS 6.0.5.3-93o and earlier"
                          },
                          {
                            "version_value": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
                          },
                          {
                            "version_value": "SonicOS 7.0.0.0-1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SonicWall"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-799: Improper Control of Interaction Frequency"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2020-5141",
    "datePublished": "2020-10-12T10:40:31",
    "dateReserved": "2019-12-31T00:00:00",
    "dateUpdated": "2024-08-04T08:22:08.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.9.1.13\", \"matchCriteriaId\": \"FF2C3009-7B05-41B3-849E-DFBB8C79968D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0.0\", \"versionEndIncluding\": \"6.0.5.3\", \"matchCriteriaId\": \"0A2C8637-5089-4B5A-8458-67D097CF5BEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.5.0.0\", \"versionEndIncluding\": \"6.5.1.11\", \"matchCriteriaId\": \"08DF961E-08DD-47EC-9AB1-3A3FF79E1F7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.5.4.0\", \"versionEndIncluding\": \"6.5.4.7\", \"matchCriteriaId\": \"8302038F-FA49-4CF2-B064-3EE1103B99F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05C0300F-44AB-482C-BA6D-B9F2ED77037A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.5.4.4\", \"matchCriteriaId\": \"8BBB86A1-803B-4B76-BF3D-4A9BCC5AD302\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en SonicOS, permite a un atacante remoto no autenticado usar fuerza bruta en el ID de ticket de Virtual Assist en el servicio SSLVPN del firewall. Esta vulnerabilidad afect\\u00f3 a SonicOS Gen 5 versiones 5.9.1.7, 5.9.1.13, Gen 6 versiones 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv versi\\u00f3n 6.5.4.v y SonicOS Gen 7 versi\\u00f3n 7.0.0.0\"}]",
      "id": "CVE-2020-5141",
      "lastModified": "2024-11-21T05:33:37.187",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-10-12T11:15:13.123",
      "references": "[{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016\", \"source\": \"PSIRT@sonicwall.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "PSIRT@sonicwall.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"PSIRT@sonicwall.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-799\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-307\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5141\",\"sourceIdentifier\":\"PSIRT@sonicwall.com\",\"published\":\"2020-10-12T11:15:13.123\",\"lastModified\":\"2024-11-21T05:33:37.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en SonicOS, permite a un atacante remoto no autenticado usar fuerza bruta en el ID de ticket de Virtual Assist en el servicio SSLVPN del firewall. Esta vulnerabilidad afect\u00f3 a SonicOS Gen 5 versiones 5.9.1.7, 5.9.1.13, Gen 6 versiones 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv versi\u00f3n 6.5.4.v y SonicOS Gen 7 versi\u00f3n 7.0.0.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"PSIRT@sonicwall.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-799\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.9.1.13\",\"matchCriteriaId\":\"FF2C3009-7B05-41B3-849E-DFBB8C79968D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0.0\",\"versionEndIncluding\":\"6.0.5.3\",\"matchCriteriaId\":\"0A2C8637-5089-4B5A-8458-67D097CF5BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.0.0\",\"versionEndIncluding\":\"6.5.1.11\",\"matchCriteriaId\":\"08DF961E-08DD-47EC-9AB1-3A3FF79E1F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.4.0\",\"versionEndIncluding\":\"6.5.4.7\",\"matchCriteriaId\":\"8302038F-FA49-4CF2-B064-3EE1103B99F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05C0300F-44AB-482C-BA6D-B9F2ED77037A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.5.4.4\",\"matchCriteriaId\":\"8BBB86A1-803B-4B76-BF3D-4A9BCC5AD302\"}]}]}],\"references\":[{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016\",\"source\":\"PSIRT@sonicwall.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2020-5141

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5141

Aliases

CVE-2020-5141

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5141",
    "description": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",
    "id": "GSD-2020-5141"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5141"
      ],
      "details": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",
      "id": "GSD-2020-5141",
      "modified": "2023-12-13T01:22:03.513840Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT@sonicwall.com",
        "ID": "CVE-2020-5141",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SonicOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SonicOS 6.5.4.7-79n and earlier"
                        },
                        {
                          "version_value": "SonicOS 5.9.1.7-2n and earlier"
                        },
                        {
                          "version_value": "SonicOS 5.9.1.13-5n and earlier"
                        },
                        {
                          "version_value": "SonicOS 6.5.1.11-4n and earlier"
                        },
                        {
                          "version_value": "SonicOS 6.0.5.3-93o and earlier"
                        },
                        {
                          "version_value": "SonicOSv 6.5.4.4-44v-21-794 and earlier"
                        },
                        {
                          "version_value": "SonicOS 7.0.0.0-1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SonicWall"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-799: Improper Control of Interaction Frequency"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.9.1.13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.5.3",
                "versionStartIncluding": "6.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.1.11",
                "versionStartIncluding": "6.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.4.7",
                "versionStartIncluding": "6.5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.4.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2020-5141"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-307"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2020-10-23T00:45Z",
      "publishedDate": "2020-10-12T11:15Z"
    }
  }
}

VAR-202010-1193

Vulnerability from variot - Updated: 2023-12-18 12:27

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. SonicOS Is vulnerable to improper restriction of excessive authentication attempts.Information may be obtained and information may be tampered with. SonicWall SonicOS is a set of operating system specially designed for SonicWall firewall equipment of SonicWall Company in the United States

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1193",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sonicos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.4.0"
      },
      {
        "model": "sonicos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.0.0"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.1.11"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.0.5.3"
      },
      {
        "model": "sonicosv",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.4.4"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.5.4.7"
      },
      {
        "model": "sonicos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "7.0.0.0"
      },
      {
        "model": "sonicos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "5.9.1.13"
      },
      {
        "model": "sonicos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "6.0.0.0"
      },
      {
        "model": "sonicos",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      },
      {
        "model": "sonicosv",
        "scope": null,
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5141"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.9.1.13",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.5.3",
                "versionStartIncluding": "6.0.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.1.11",
                "versionStartIncluding": "6.5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.4.7",
                "versionStartIncluding": "6.5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5.4.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5141"
      }
    ]
  },
  "cve": "CVE-2020-5141",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2020-5141",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-183266",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2020-5141",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-5141",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202010-425",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-183266",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. SonicOS Is vulnerable to improper restriction of excessive authentication attempts.Information may be obtained and information may be tampered with. SonicWall SonicOS is a set of operating system specially designed for SonicWall firewall equipment of SonicWall Company in the United States",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "db": "VULHUB",
        "id": "VHN-183266"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-5141",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-425",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-183266",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ]
  },
  "id": "VAR-202010-1193",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183266"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:27:12.573000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SNWLID-2020-0016",
        "trust": 0.8,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0016"
      },
      {
        "title": "SonicWall SonicOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131177"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-307",
        "trust": 1.1
      },
      {
        "problemtype": "Inappropriate restriction of excessive authentication attempts (CWE-307) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5141"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0016"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5141"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-183266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5141"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-183266"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "date": "2020-10-12T11:15:13.123000",
        "db": "NVD",
        "id": "CVE-2020-5141"
      },
      {
        "date": "2020-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-183266"
      },
      {
        "date": "2021-05-10T05:44:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      },
      {
        "date": "2020-10-23T00:45:32.170000",
        "db": "NVD",
        "id": "CVE-2020-5141"
      },
      {
        "date": "2020-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SonicOS\u00a0 Vulnerability regarding improper restriction of excessive authentication attempts in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012459"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-425"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2020-5141

Vulnerability from fkie_nvd - Published: 2020-10-12 11:15 - Updated: 2024-11-21 05:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

References

	URL	Tags
	PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016	Vendor Advisory

Impacted products

Vendor	Product	Version
sonicwall	sonicos	*
sonicwall	sonicos	*
sonicwall	sonicos	*
sonicwall	sonicos	*
sonicwall	sonicos	7.0.0.0
sonicwall	sonicosv	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2C3009-7B05-41B3-849E-DFBB8C79968D",
              "versionEndIncluding": "5.9.1.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2C8637-5089-4B5A-8458-67D097CF5BEA",
              "versionEndIncluding": "6.0.5.3",
              "versionStartIncluding": "6.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08DF961E-08DD-47EC-9AB1-3A3FF79E1F7A",
              "versionEndIncluding": "6.5.1.11",
              "versionStartIncluding": "6.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8302038F-FA49-4CF2-B064-3EE1103B99F1",
              "versionEndIncluding": "6.5.4.7",
              "versionStartIncluding": "6.5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicos:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C0300F-44AB-482C-BA6D-B9F2ED77037A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sonicwall:sonicosv:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBB86A1-803B-4B76-BF3D-4A9BCC5AD302",
              "versionEndIncluding": "6.5.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en SonicOS, permite a un atacante remoto no autenticado usar fuerza bruta en el ID de ticket de Virtual Assist en el servicio SSLVPN del firewall. Esta vulnerabilidad afect\u00f3 a SonicOS Gen 5 versiones 5.9.1.7, 5.9.1.13, Gen 6 versiones 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv versi\u00f3n 6.5.4.v y SonicOS Gen 7 versi\u00f3n 7.0.0.0"
    }
  ],
  "id": "CVE-2020-5141",
  "lastModified": "2024-11-21T05:33:37.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-12T11:15:13.123",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-799"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-28770

Vulnerability from cnvd - Published: 2021-04-16

Title

SonicWALL SonicOS信息泄露漏洞

Description

SonicOS是SonicWALL公司的专有操作系统，是SonicWALL防火墙设备的固件。 SonicWALL SonicOS存在信息泄露漏洞，远程未认证攻击者可利用该漏洞暴力破解SSLVPN服务中的虚拟助手工单ID。

Severity

中

Patch Name

SonicWALL SonicOS信息泄露漏洞的补丁

Patch Description

SonicOS是SonicWALL公司的专有操作系统，是SonicWALL防火墙设备的固件。 SonicWALL SonicOS存在信息泄露漏洞，远程未认证攻击者可利用该漏洞暴力破解SSLVPN服务中的虚拟助手工单ID。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-5141

Impacted products

Name
['SonicWALL SonicOS <=6.5.1.11-4n', 'SonicWALL SonicOS <=6.0.5.3-93o', 'SonicWALL SonicOS <=6.5.4.4-44v-21-794', 'SonicWall SonicOS <=6.5.4.6-79n', 'SonicWall SonicOS <=5.9.1.7-2o', 'SonicWall SonicOS <=5.9.1.13-5o']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5141",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-5141"
    }
  },
  "description": "SonicOS\u662fSonicWALL\u516c\u53f8\u7684\u4e13\u6709\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662fSonicWALL\u9632\u706b\u5899\u8bbe\u5907\u7684\u56fa\u4ef6\u3002\n\nSonicWALL SonicOS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66b4\u529b\u7834\u89e3SSLVPN\u670d\u52a1\u4e2d\u7684\u865a\u62df\u52a9\u624b\u5de5\u5355ID\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28770",
  "openTime": "2021-04-16",
  "patchDescription": "SonicOS\u662fSonicWALL\u516c\u53f8\u7684\u4e13\u6709\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662fSonicWALL\u9632\u706b\u5899\u8bbe\u5907\u7684\u56fa\u4ef6\u3002\r\n\r\nSonicWALL SonicOS\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66b4\u529b\u7834\u89e3SSLVPN\u670d\u52a1\u4e2d\u7684\u865a\u62df\u52a9\u624b\u5de5\u5355ID\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SonicWALL SonicOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SonicWALL SonicOS \u003c=6.5.1.11-4n",
      "SonicWALL SonicOS \u003c=6.0.5.3-93o",
      "SonicWALL SonicOS \u003c=6.5.4.4-44v-21-794",
      "SonicWall SonicOS \u003c=6.5.4.6-79n",
      "SonicWall SonicOS \u003c=5.9.1.7-2o",
      "SonicWall SonicOS \u003c=5.9.1.13-5o"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-5141",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-13",
  "title": "SonicWALL SonicOS\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-VHRG-9CJQ-6J3H

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-12T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.",
  "id": "GHSA-vhrg-9cjq-6j3h",
  "modified": "2022-05-24T17:30:32Z",
  "published": "2022-05-24T17:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5141"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2020-AVI-651

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Sonicwall SonicOS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Sonicwall	SonicOS	SonicOS 6.5.1.x versions antérieures à 6.5.1.12-1n
Sonicwall	SonicOS	Gen 7 versions antérieures à 7.0.0.0-2
Sonicwall	SonicOS	SonicOS 6.5.4.x versions antérieures à 6.5.4.7-83n
Sonicwall	SonicOS	SonicOS 5.9.x versions antérieures à 5.9.2.13-7n
Sonicwall	SonicOS	SonicOS 6.0.x versions antérieures à 6.0.5.3-94o
Sonicwall	SonicOS	SonicOS 6.5.4.v versions antérieures à 6.5.4.v-21s-987

References

Title

Publication Time

Tags

Bulletin de sécurité Sonicwall SNWLID-2020-0009 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0013 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0011 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0016 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0012 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0015 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0018 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0017 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0008 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0010 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0014 du 12 octobre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SonicOS 6.5.1.x versions ant\u00e9rieures \u00e0 6.5.1.12-1n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "Gen 7 versions ant\u00e9rieures \u00e0 7.0.0.0-2",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.5.4.x versions ant\u00e9rieures \u00e0 6.5.4.7-83n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 5.9.x versions ant\u00e9rieures \u00e0 5.9.2.13-7n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.0.x versions ant\u00e9rieures \u00e0 6.0.5.3-94o",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.5.4.v versions ant\u00e9rieures \u00e0 6.5.4.v-21s-987",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5138"
    },
    {
      "name": "CVE-2020-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5142"
    },
    {
      "name": "CVE-2020-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5140"
    },
    {
      "name": "CVE-2020-5133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5133"
    },
    {
      "name": "CVE-2020-5143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5143"
    },
    {
      "name": "CVE-2020-5136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5136"
    },
    {
      "name": "CVE-2020-5137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5137"
    },
    {
      "name": "CVE-2020-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5134"
    },
    {
      "name": "CVE-2020-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5141"
    },
    {
      "name": "CVE-2020-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5135"
    },
    {
      "name": "CVE-2020-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5139"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-651",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Sonicwall SonicOS.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Sonicwall SonicOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0009 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0013 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0013"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0011 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0016 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0012 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0012"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0015 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0015"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0018 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0017 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0008 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0008"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0010 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0014 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014"
    }
  ]
}

CERTFR-2020-AVI-651

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Sonicwall	SonicOS	SonicOS 6.5.1.x versions antérieures à 6.5.1.12-1n
Sonicwall	SonicOS	Gen 7 versions antérieures à 7.0.0.0-2
Sonicwall	SonicOS	SonicOS 6.5.4.x versions antérieures à 6.5.4.7-83n
Sonicwall	SonicOS	SonicOS 5.9.x versions antérieures à 5.9.2.13-7n
Sonicwall	SonicOS	SonicOS 6.0.x versions antérieures à 6.0.5.3-94o
Sonicwall	SonicOS	SonicOS 6.5.4.v versions antérieures à 6.5.4.v-21s-987

References

Title

Publication Time

Tags

Bulletin de sécurité Sonicwall SNWLID-2020-0009 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0013 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0011 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0016 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0012 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0015 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0018 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0017 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0008 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0010 du 12 octobre 2020	None	vendor-advisory
Bulletin de sécurité Sonicwall SNWLID-2020-0014 du 12 octobre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SonicOS 6.5.1.x versions ant\u00e9rieures \u00e0 6.5.1.12-1n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "Gen 7 versions ant\u00e9rieures \u00e0 7.0.0.0-2",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.5.4.x versions ant\u00e9rieures \u00e0 6.5.4.7-83n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 5.9.x versions ant\u00e9rieures \u00e0 5.9.2.13-7n",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.0.x versions ant\u00e9rieures \u00e0 6.0.5.3-94o",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    },
    {
      "description": "SonicOS 6.5.4.v versions ant\u00e9rieures \u00e0 6.5.4.v-21s-987",
      "product": {
        "name": "SonicOS",
        "vendor": {
          "name": "Sonicwall",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5138"
    },
    {
      "name": "CVE-2020-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5142"
    },
    {
      "name": "CVE-2020-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5140"
    },
    {
      "name": "CVE-2020-5133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5133"
    },
    {
      "name": "CVE-2020-5143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5143"
    },
    {
      "name": "CVE-2020-5136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5136"
    },
    {
      "name": "CVE-2020-5137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5137"
    },
    {
      "name": "CVE-2020-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5134"
    },
    {
      "name": "CVE-2020-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5141"
    },
    {
      "name": "CVE-2020-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5135"
    },
    {
      "name": "CVE-2020-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5139"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-651",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Sonicwall SonicOS.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Sonicwall SonicOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0009 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0013 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0013"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0011 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0016 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0012 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0012"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0015 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0015"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0018 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0017 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0008 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0008"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0010 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sonicwall SNWLID-2020-0014 du 12 octobre 2020",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5141 (GCVE-0-2020-5141)

GSD-2020-5141

VAR-202010-1193

FKIE_CVE-2020-5141

CNVD-2021-28770

GHSA-VHRG-9CJQ-6J3H

CERTFR-2020-AVI-651

Solution

CERTFR-2020-AVI-651

Solution

Tags

Sightings

Nomenclature