Improper Restriction of Excessive Authentication Attempts
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute-force the Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 versions 18.104.22.168, 22.214.171.124, Gen 6 versions 126.96.36.199, 188.8.131.52, 184.108.40.206, SonicOSv 6.5.4.v and Gen 7 version SonicOS 220.127.116.11.
CWE-307 - Improper Restriction of Excessive Authentication Attempts
The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.
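
The control this weakness describes as missing, sketched as an added example (not SonicWall's code or its fix): because a ticket-ID guess comes from an unauthenticated client, there is no account to lock, so the limiter keys on source address and adds a global ceiling for guesses spread across many sources. The class name, thresholds and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

class FailedAttemptLimiter:
    """Sliding-window limiter for failed ticket-ID lookups (hypothetical helper)."""

    def __init__(self, per_source_max=5, global_max=50, window=60.0, lockout=300.0):
        self.per_source_max = per_source_max  # failures per source per window
        self.global_max = global_max          # failures from all sources per window
        self.window = window                  # seconds
        self.lockout = lockout                # seconds a source stays blocked
        self._failures = defaultdict(deque)   # source -> failure timestamps
        self._global = deque()                # failure timestamps, all sources
        self._locked_until = {}               # source -> unlock time

    def _prune(self, q, now):
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()

    def allowed(self, source, now):
        """True if this source may submit another ticket ID at time `now`."""
        if self._locked_until.get(source, 0.0) > now:
            return False
        self._prune(self._global, now)
        # Many sources guessing slowly still trip the global ceiling.
        return len(self._global) < self.global_max

    def record_failure(self, source, now):
        """Record a wrong ticket ID; lock the source once its budget is spent."""
        q = self._failures[source]
        self._prune(q, now)
        q.append(now)
        self._prune(self._global, now)
        self._global.append(now)
        if len(q) >= self.per_source_max:
            self._locked_until[source] = now + self.lockout
            q.clear()

def simulate(events, limiter):
    """Replay (time, source, ticket_ok) tuples; return the decision for each."""
    decisions = []
    for now, source, ticket_ok in events:
        if not limiter.allowed(source, now):
            decisions.append("blocked")
        elif ticket_ok:
            decisions.append("accepted")
        else:
            limiter.record_failure(source, now)
            decisions.append("rejected")
    return decisions

# Constructed sample: one source guessing once per second (documentation address).
SAMPLE = [(float(t), "192.0.2.10", False) for t in range(8)]
```

While the global ceiling is tripped, valid tickets are refused as well, so that threshold should sit well above normal failure volume and raise an alert when it is hit.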