CVE-2020-5139
First published: Mon Oct 12 2020(Updated: )
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Credit: PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWall SonicOS | <=5.9.1.13 | |
| SonicWall SonicOS | >=6.0.0.0<=6.0.5.3 | |
| SonicWall SonicOS | >=6.5.0.0<=6.5.1.11 | |
| SonicWall SonicOS | >=6.5.4.0<=6.5.4.7 | |
| SonicWall SonicOS | =7.0.0.0 | |
| SonicWall SonicOSv for VMWARE | <=6.5.4.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-5139?
CVE-2020-5139 is a vulnerability in SonicOS SSLVPN service that allows a remote unauthenticated attacker to cause Denial of Service (DoS).
Which versions of SonicOS are affected by CVE-2020-5139?
SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicWall SonicOS 7.0.0.0, and Sonicwall Sonicosv 6.5.4.4 are affected by CVE-2020-5139.
How does CVE-2020-5139 work?
CVE-2020-5139 works by exploiting a vulnerability in the SonicOS SSLVPN service that leads to the release of an invalid pointer, causing a firewall crash and resulting in a Denial of Service (DoS) condition.
What is the severity of CVE-2020-5139?
CVE-2020-5139 has a severity rating of 7.5 (high).
How can I mitigate the risk of CVE-2020-5139?
To mitigate the risk of CVE-2020-5139, it is recommended to upgrade to the latest version of SonicOS and apply the patches provided by SonicWall. Additionally, ensure that proper firewall rules and access controls are in place to restrict access to the affected SSLVPN service.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sonicwall
- canonical/sonicwall sonicos
- version/sonicwall sonicos/5.9.1.13
- version/sonicwall sonicos/6.0.0.0
- version/sonicwall sonicos/6.0.5.3
- version/sonicwall sonicos/6.5.0.0
- version/sonicwall sonicos/6.5.1.11
- version/sonicwall sonicos/6.5.4.0
- version/sonicwall sonicos/6.5.4.7
- version/sonicwall sonicos/7.0.0.0
- canonical/sonicwall sonicosv for vmware
- version/sonicwall sonicosv for vmware/6.5.4.4