A vulnerability in the SonicWall Capture Security Center was allowing access to the managed firewall without authentication

A vulnerability in the SonicWall Capture Security Center – Cloud Security Management Service was allowing users to access managed firewalls without authentication. This issue has been resolved, and a security patch has been pushed out to all affected Capture Security Center – Management and Analytics (CSC-MA) servers.
CVE: N/A
Last updated: Oct. 22, 2020, 7:56 p.m.

SonicOS SSLVPN Stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 versions 5.9.1.7, 5.9.1.13, Gen 6 versions 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v.
CVE: CVE-2020-5142
Last updated: Oct. 20, 2020, 9:50 a.m.

SonicOS SSLVPN service unauthenticated malicious HTTP request leads to memory addresses leak

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to a leak of memory addresses. This vulnerability affected SonicOS Gen 5 versions 5.9.1.7, 5.9.1.13, Gen 6 versions 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v.
CVE: CVE-2020-5140
Last updated: Oct. 20, 2020, 9:43 a.m.

SonicOS SSLVPN service unauthenticated release of Invalid pointer to cause Denial of Service (DoS) vulnerability and leads to firewall crash

A vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of an invalid pointer, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 versions 5.9.1.7, 5.9.1.13, Gen 6 versions 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v.
CVE: CVE-2020-5139
Last updated: Oct. 20, 2020, 9:40 a.m.

SonicOS SSLVPN unauthenticated Heap Overflow vulnerability allows a remote attacker to cause Denial of Service (DoS)

A heap overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service, which leads to a SonicOS crash. This vulnerability affected SonicOS Gen 5 versions 5.9.1.7, 5.9.1.13, Gen 6 versions 6.5.4.7, 6.5.1.12, 6.0.5.3, and SonicOSv 6.5.4.v.
CVE: CVE-2020-5138
Last updated: Oct. 20, 2020, 9:18 a.m.