A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sonicos | Sonicwall | * | 5.9.1.13 (including) |
Sonicos | Sonicwall | 6.0.0.0 (including) | 6.0.5.3 (including) |
Sonicos | Sonicwall | 6.5.0.0 (including) | 6.5.1.11 (including) |
Sonicos | Sonicwall | 6.5.4.0 (including) | 6.5.4.7 (including) |
Sonicos | Sonicwall | 7.0.0.0 (including) | 7.0.0.0 (including) |
Sonicosv | Sonicwall | * | 6.5.4.4 (including) |