Improper Control of Interaction Frequency
CVE-2020-5141
Summary
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-799 - Improper Control of Interaction Frequency
The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
References
Advisory Timeline
- Published