Skip to main content

Improper Control of Interaction Frequency

CVE-2020-5141

Severity Medium
Score 6.5/10

Summary

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-799 - Improper Control of Interaction Frequency

The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

References

Advisory Timeline

  • Published