PT-2020-18269 · Sonicwall · Sonicwall Sma1000

Published

2020-03-26

Updated

2020-03-30

CVE-2020-5129

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 versions 12.1.0-06411 and earlier

Description A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause an HTTP server crash, leading to Denial of Service.

Recommendations For versions 12.1.0-06411 and earlier, update to a version later than 12.1.0-06411 to resolve the issue. As a temporary workaround, consider restricting access to the HTTP Extraweb server to minimize the risk of exploitation.

Fix

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-444CWE-248

Related Identifiers

CVE-2020-5129

Affected Products

Sonicwall Sma1000

PT-2020-18269 · Sonicwall · Sonicwall Sma1000

CVE-2020-5129

Weakness Enumeration

Related Identifiers

Affected Products

References · 4