CVE-2020-5135

critical

Description

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

From the Tenable Blog

CVE-2021-20019: SonicWall Fixes Incomplete Patch for CVE-2020-5135

CVE-2021-20019: SonicWall Fixes Incomplete Patch for CVE-2020-5135

Published: 2021-06-23

SonicWall issues a new advisory and CVE identifier to address an incomplete fix for CVE-2020-5135.

CVE-2020-5135: Critical SonicWall VPN Portal Stack-based Buffer Overflow Vulnerability

CVE-2020-5135: Critical SonicWall VPN Portal Stack-based Buffer Overflow Vulnerability

Published: 2020-10-15

Researchers disclose a critical pre-authentication vulnerability in the SonicWall VPN Portal that is easily exploitable.

References

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-is-targeting-vulnerable-sonicwall-devices/

https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective

https://www.tenable.com/blog/cve-2021-20019-sonicwall-fixes-incomplete-patch-for-cve-2020-5135

https://www.tenable.com/blog/cve-2020-5135-critical-sonicwall-vpn-portal-stack-based-buffer-overflow-vulnerability

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010

Details

Source: Mitre, NVD

Published: 2020-10-12

Updated: 2025-04-02

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.38851