PT-2020-18277 · Sonicwall · Sonicos Gen 7+2
Nikita Abramov
·
Published
2020-10-12
·
Updated
2021-10-18
·
CVE-2020-5138
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SonicOS versions 5.9.1.7 through 5.9.1.13
SonicOS Gen 6 versions 6.0.5.3 through 6.5.4.7
SonicOSv version 6.5.4.v
SonicOS Gen 7 version 7.0.0.0
Description
A Heap Overflow issue in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service, leading to a SonicOS crash.
Recommendations
For SonicOS versions 5.9.1.7 through 5.9.1.13, update to a version that fixes the Heap Overflow issue.
For SonicOS Gen 6 versions 6.0.5.3 through 6.5.4.7, update to a version that fixes the Heap Overflow issue.
For SonicOSv version 6.5.4.v, update to a version that fixes the Heap Overflow issue.
For SonicOS Gen 7 version 7.0.0.0, update to a version that fixes the Heap Overflow issue.
Fix
Heap Based Buffer Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sonicos
Sonicos Gen 6
Sonicos Gen 7