Multiple vulnerabilities in SonicWall SonicOS
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2020-5142 CVE-2020-5141 CVE-2020-5140 CVE-2020-5139 CVE-2020-5138 CVE-2020-5137 CVE-2020-5136 CVE-2020-5135 CVE-2020-5134 CVE-2020-5143 CVE-2020-5133 |
| CWE-ID | CWE-79 CWE-799 CWE-125 CWE-822 CWE-122 CWE-119 CWE-200 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #8 is being exploited in the wild. |
| Vulnerable software Subscribe |
SonicOS Operating systems & Components / Operating system |
| Vendor | SonicWall |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU47691
Risk: Medium
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5142
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the SSLVPN web interface. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper control of interaction frequency
EUVDB-ID: #VU47690
Risk: Medium
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5141
CWE-ID:
CWE-799 - Improper Control of Interaction Frequency
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a brute-force attack.
The vulnerability exists due to usage of predictable Virtual Assist ticket identifiers and lack of anti-automation protection. A remote non-authenticated attacker can brute-force the Virtual Assist ticket ID in the firewall SSLVPN service.
MitigationInstall update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU47689
Risk: High
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5140
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSLVPN service when processing HTTP requests. A remote non-authenticated attacker can send specially crafted HTTP request to the device and crash it.
Install update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0015
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Untrusted Pointer Dereference
EUVDB-ID: #VU47688
Risk: High
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5139
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack.
The vulnerability exists due to untrusted pointer dereference within the SSLVPN service. A remote non-authenticated attacker can send a specially crafted request to the device and crash it.
Install update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU47687
Risk: High
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5138
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the SSLVPN service. A remote non-authenticated attacker can send specially crafted request to the device and crash it.
Install update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0013
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU47686
Risk: High
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5137
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack.
The vulnerability exists due to a boundary error when processing requests within the SSLVPN service. A remote non-authenticated attacker can send specially crafted request to the system and crash it.
Install update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0012
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU47685
Risk: High
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5136
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack.
The vulnerability exists due to a boundary error when processing requests. A remote non-authenticated attacker can send specially crafted request to the SSL-VPN and virtual assist portal, trigger memory corruption and crash the system.
Install update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0011
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU47684
Risk: Critical
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5135
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing requests. A remote non-authenticated attacker can send specially crafted request to the system, trigger memory corruption and crash the firewall or execute arbitrary code on the system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSonicOS: 6.0 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU47683
Risk: Medium
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5134
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote authenticated user can send specially crafted request to the system, trigger an out-of-bound invalid file reference and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0009
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU47682
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5143
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application on the SonicOS SSLVPN login page. A remote attacker can enumerate firewall administrators based on returned responses.
Install update from vendor's website.
Vulnerable software versionsSonicOS: 5.9 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU47681
Risk: High
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-5133
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary when processing network traffic. A remote non-authenticated attacker can send specially crafted traffic to the device and crash the firewall.
Install update from vendor's website.
Vulnerable software versionsSonicOS: 6.0 - 7.0
External linkshttp://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0008
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
