PT-2020-18282 · Sonicwall · Sonicos Gen 7+3

Nikita Abramov · Published 2020-10-12 · Updated 2020-10-23 · CVE-2020-5143

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SonicOS Gen 5 versions 5.9.1.7 through 5.9.1.13
SonicOS Gen 6 versions 6.0.5.3 through 6.5.4.7
SonicOSv version 6.5.4.v
SonicOS Gen 7 version 7.0.0.0

Description

The SonicOS SSLVPN login page is affected by an issue that allows a remote unauthenticated attacker to enumerate firewall management administrator usernames based on server responses.

Recommendations

For SonicOS Gen 5 versions 5.9.1.7 through 5.9.1.13, update to a version that includes the fix for this issue.
For SonicOS Gen 6 versions 6.0.5.3 through 6.5.4.7, update to a version that includes the fix for this issue.
For SonicOSv version 6.5.4.v, update to a version that includes the fix for this issue.
For SonicOS Gen 7 version 7.0.0.0, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to the SSLVPN login page to minimize the risk of exploitation.

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2020-5143

Affected Products

Sonicos Gen 5
Sonicos Gen 6
Sonicos Gen 7
Sonicos