What is CVE-2020-5139?

CVE-2020-5139 is a vulnerability in SonicOS SSLVPN service that allows a remote unauthenticated attacker to cause Denial of Service (DoS).

Which versions of SonicOS are affected by CVE-2020-5139?

SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicWall SonicOS 7.0.0.0, and Sonicwall Sonicosv 6.5.4.4 are affected by CVE-2020-5139.

How does CVE-2020-5139 work?

CVE-2020-5139 works by exploiting a vulnerability in the SonicOS SSLVPN service that leads to the release of an invalid pointer, causing a firewall crash and resulting in a Denial of Service (DoS) condition.

What is the severity of CVE-2020-5139?

CVE-2020-5139 has a severity rating of 7.5 (high).

How can I mitigate the risk of CVE-2020-5139?

To mitigate the risk of CVE-2020-5139, it is recommended to upgrade to the latest version of SonicOS and apply the patches provided by SonicWall. Additionally, ensure that proper firewall rules and access controls are in place to restrict access to the affected SSLVPN service.

Vulnerability/
CVE-2020-5139

high

7.5

CWE

763

12/10/2020

23/10/2020

CVE-2020-5139

First published: Mon Oct 12 2020(Updated: )

A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Credit: PSIRT@sonicwall.com

Affected Software	Affected Version	How to fix
SonicWall SonicOS	<=5.9.1.13
SonicWall SonicOS	>=6.0.0.0<=6.0.5.3
SonicWall SonicOS	>=6.5.0.0<=6.5.1.11
SonicWall SonicOS	>=6.5.4.0<=6.5.4.7
SonicWall SonicOS	=7.0.0.0
Sonicwall Sonicosv	<=6.5.4.4

Never miss a vulnerability like this again

Reference Links

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0014

Frequently Asked Questions

What is CVE-2020-5139?
CVE-2020-5139 is a vulnerability in SonicOS SSLVPN service that allows a remote unauthenticated attacker to cause Denial of Service (DoS).
Which versions of SonicOS are affected by CVE-2020-5139?
SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicWall SonicOS 7.0.0.0, and Sonicwall Sonicosv 6.5.4.4 are affected by CVE-2020-5139.
How does CVE-2020-5139 work?
CVE-2020-5139 works by exploiting a vulnerability in the SonicOS SSLVPN service that leads to the release of an invalid pointer, causing a firewall crash and resulting in a Denial of Service (DoS) condition.
What is the severity of CVE-2020-5139?
CVE-2020-5139 has a severity rating of 7.5 (high).
How can I mitigate the risk of CVE-2020-5139?
To mitigate the risk of CVE-2020-5139, it is recommended to upgrade to the latest version of SonicOS and apply the patches provided by SonicWall. Additionally, ensure that proper firewall rules and access controls are in place to restrict access to the affected SSLVPN service.

collector/nvd-index
vendor/sonicwall
canonical/sonicwall sonicos
version/sonicwall sonicos/5.9.1.13
version/sonicwall sonicos/6.0.0.0
version/sonicwall sonicos/6.0.5.3
version/sonicwall sonicos/6.5.0.0
version/sonicwall sonicos/6.5.1.11
version/sonicwall sonicos/6.5.4.0
version/sonicwall sonicos/6.5.4.7
version/sonicwall sonicos/7.0.0.0
canonical/sonicwall sonicosv
version/sonicwall sonicosv/6.5.4.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.