PT-2020-29: Denial of service and potential arbitrary code execution in SonicOS

CRITICAL

(9.4) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

THREATSCAPE

Analytics articles

10 December 2024
Artificial intelligence in cyberattacks
9 December 2024
A look at India through the dark web: what hackers are after
27 November 2024
Cyberthreats in the financial industry: H2 2023 – H1 2024

What are the security threats on your network?

Check your traffic-for free

Request pilot

Vulnerable product:

SonicOS, SonicOSv

Severity:

Severity level: High
Impact: Denial of service and potential arbitrary code execution in SonicOS
Access Vector: Remote

CVSS v3.0
Base Score: 9,4
Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
CVE-2020-5135

Vulnerability description:

The vulnerability, which is associated with buffer overflow in SonicOS, allows a remote attacker to cause a denial of service (DoS) and potentially execute arbitrary code.

Advisory status:

26.06.2020 - Vendor notification date
12.10.2020 - Security advisory publication date (https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010)

Credits:

The vulnerability was discovered by Nikita Abramov, Positive Research Center (Positive Technologies Company)

Identifier:

CVE-2020-5135

Vendor:

SonicWall

Vulnerable product:

SonicOS, SonicOSv

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Pilot
application

Test drive our solutions with a customized pilot program.