The vulnerability of the SonicOS operating system, related to insufficient protection of operational data, allows a intruder to gain unauthorized access to protected information.

SonicOS has a vulnerability with weak operational data protection that enables remote access via a crafted web request.

Reporter	Title	Published	Views	Family All 142
ATTACKERKB	CVE-2020-5135	12 Oct 202000:00	–	attackerkb
Information Security Automation	Last Week’s Security news: Cisco ASA, BIG-IQ, vSphere, Solaris, Dlink, iPhone %s, DarkRadiation, Google schema, John McAfee	28 Jun 202110:59	–	avleonov
BDU FSTEC	The vulnerability of the SonicOS operating systems lies in the lack of a mechanism to check the size of copied data. This allows attackers to execute arbitrary code or cause service failures.	17 Sep 202100:00	–	bdu_fstec
Circl	CVE-2020-5135	14 Oct 202011:19	–	circl
Circl	CVE-2021-20019	23 Jun 202107:27	–	circl
CISA KEV Catalog	SonicWall SonicOS Buffer Overflow Vulnerability	15 Mar 202200:00	–	cisa_kev
CISA	CISA Adds 15 Known Exploited Vulnerability to Catalog	15 Mar 202200:00	–	cisa
CNNVD	SonicWALL SonicOS 缓冲区错误漏洞	22 Jun 202100:00	–	cnnvd
CNVD	SonicWALL SonicOS Buffer Overflow Vulnerability (CNVD-2021-28764)	13 Oct 202000:00	–	cnvd
CVE	CVE-2020-5135	12 Oct 202010:40	–	cve

Vulners

Node

sonicwall sonicosvRange≤6.5.4.4-44v-21-955

sonicwall sonicosRange6.5.4.7–6.5.4.7-83n

sonicwall sonicosRange6.5.1.0–6.5.1.12-3n

sonicwall sonicosRange≤6.0.5.3-94o

sonicwall sonicosRange7.0.0-r713–7.0.0.376

sonicwall sonicosRange7.0.1–7.0.1-r1036

sonicwall sonicosRange7.0.0–7.0.0-r713

Source	Link
xakep	www.xakep.ru/2021/06/23/cve-2021-20019/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-20019
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0006
tenable	www.tenable.com/blog/cve-2021-20019-sonicwall-fixes-incomplete-patch-for-cve-2020-5135
web	www.web.nvd.nist.gov/view/vuln/detail

17 Sep 2021 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 25

CVSS 37.5

EPSS0.26869