CVE-2020-5141

MEDIUM

SonicOS - Unauthenticated RCE

Title source: llm

Description

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

References (1)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0016

Scores

CVSS v3 6.5

EPSS 0.0046

EPSS Percentile 64.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-799 CWE-307

Status published

Products (3)

sonicwall/sonicos 7.0.0.0

sonicwall/sonicos < 5.9.1.13

sonicwall/sonicosv < 6.5.4.4

Published Oct 12, 2020

Tracked Since Feb 18, 2026