cbcvebase.
CVE-2020-5135
published 2020-10-12

CVE-2020-5135: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a…

PriorityP186critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWRansomware
CISA Known Exploited Vulnerabilitydue 2022-04-05
Exploited in the wild
EPSS
26.87%
97.8th percentile
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

Affected

10 ranges
VendorProductVersion rangeFixed in
sonicwallsonicos<= 6.0.5.3
sonicwallsonicos
sonicwallsonicos
sonicwallsonicos
sonicwallsonicos
sonicwallsonicos
sonicwallsonicos
sonicwallsonicos6.5.0.0 – 6.5.1.11
sonicwallsonicos6.5.4.0 – 6.5.4.7
sonicwallsonicosv<= 6.5.4.4

Detection & IOCsextracted from sources · hover to see the quote

otherproduct:"SonicWALL firewall http config"
otherproduct:"SonicWALL SSL-VPN http proxy"
  • Exploit vector is a specially crafted HTTP request sent to a vulnerable SonicWall device by a remote, unauthenticated attacker; monitor for anomalous/malformed HTTP requests targeting SonicOS management or SSL-VPN interfaces.
  • Use Shodan queries for 'SonicWALL firewall http config' and 'SonicWALL SSL-VPN http proxy' to identify internet-exposed SonicWall devices in your attack surface that may be vulnerable.
  • ·The original CVE-2020-5135 patch was incomplete; SonicWall issued a new advisory (SNWLID-2021-0006) and CVE-2021-20019 to address the residual issue. Ensure the correct follow-on patches are applied, not just the original October 2020 fix.
  • ·SonicWall's own advisory contains a version discrepancy for the 6.5.4.x branch: the affected range is listed as 'SonicOS 6.5.4.7-83 and below' in one place and '6.5.4.8-83 and below' in the fixed software table. Verify the exact affected/fixed version against the official advisory.
  • ·At time of publication, patches for SonicOS 6.0.5.3-94o and below and SonicOS 6.5.1.12-3n and below were still pending; confirm current patch availability before assuming full remediation.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.