CVE-2020-5135

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

List of frequently cited URLs

URL	Num of Times Referred to
https://isc.sans.edu/diary/rss/26692	6
http://mi6rogue.com/news	5
https://www.tenable.com/blog/cve-2020-5135-critical-sonicwa...	5
https://threatpost.com/critical-sonicwall-vpn-bug/160108/	4
https://ift.tt/353bMkK	3
https://twitter.com/n0x08/status/1316467649497370624	3
https://www.zdnet.com/article/800000-sonicwall-vpns-vulnera...	3
http://tweetedtimes.com/behkxyz?s=tnp	3
https://www.tripwire.com/state-of-security/vert/sonicwall-v...	3
https://securityaffairs.co/wordpress/109560/hacking/sonicwa...	3
https://www.helpnetsecurity.com/2020/10/16/cve-2020-5135/	3
http://www.atlantatechblogs.com/posts/20080/redirect	3
https://www.bleepingcomputer.com/news/security/critical-son...	3

Information from Twitter

User	URL	Info Source	Date
threatintelctr	https://nvd.nist.gov/vuln/detail/CVE-2020-5135	Source threatintelctr 1565915527230390274	2022/09/03
RemotelyAlerts	http://alerts.remotelyrmm.com/CVE-2020-5135	Source RemotelyAlerts 1565935175661260801	2022/09/03
threatintelctr	https://nvd.nist.gov/vuln/detail/CVE-2020-5135	Source threatintelctr 1566096722777997314	2022/09/04
threatintelctr	https://nvd.nist.gov/vuln/detail/CVE-2020-5135	Source threatintelctr 1566285502709374977	2022/09/04
threatintelctr	https://nvd.nist.gov/vuln/detail/CVE-2020-5135	Source threatintelctr 1566398710665420803	2022/09/04

URL	Num of Times Referred to
isc.sans.edu	6
mi6rogue.com	5
www.tenable.com	5
threatpost.com	4
ift.tt	3
twitter.com	3
www.zdnet.com	3
tweetedtimes.com	3
www.tripwire.com	3
securityaffairs.co	3
www.helpnetsecurity.com	3
www.atlantatechblogs.com	3
www.bleepingcomputer.com	3

User	URL	Info Source
threatintelctr	nvd.nist.gov	Show Tweet
RemotelyAlerts	alerts.remotelyrmm.com	Show Tweet
threatintelctr	nvd.nist.gov	Show Tweet
threatintelctr	nvd.nist.gov	Show Tweet
threatintelctr	nvd.nist.gov	Show Tweet

Name	URL
No Data

Name	URL
No Data

2022/09/04 Score : 3
Added Har-sia Database : 2020/10/12
Last Modified : 2022/09/04
Highest Scored Date : 2020/10/16
Highest Score : 67

CVE-2020-5135

Description from NVD

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

Refer to Information on External Sites

Information from Twitter

Information from Twitter