Vulnerabilities > CVE-2020-5141 - Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos and Sonicosv

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
sonicwall
CWE-307
NVD
Published: 2020-10-12
Updated: 2020-10-23

Summary

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Vulnerable Configurations

Part Description Count
OS
Sonicwall
50

Common Weakness Enumeration (CWE)

References