Improper Control of Interaction Frequency

CVE-2020-5141

Medium

6.5/10

Summary

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-799 - Improper Control of Interaction Frequency

The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

References

Advisory Timeline

Published Oct 12, 2020

Improper Control of Interaction Frequency

CVE-2020-5141

Summary

CWE-799 - Improper Control of Interaction Frequency

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS