SonicWall Fixes Incomplete Patch for CVE-2020-5135 On June...

SonicWall Fixes Incomplete Patch for CVE-2020-5135

On June 22, SonicWall issued a new advisory (SNWLID-2021-0006) for a vulnerability in its operating system, SonicOS. SonicOS is used across a number of SonicWall devices, including its SSL VPN. The new advisory addresses an incomplete patch for CVE-2020-5135, which we wrote about in October 2020.

The incomplete patch was identified by Craig Young of Tripwire’s Vulnerability and Exposure Research Team (VERT). Young was one of two researchers credited with discovering CVE-2020-5135.

As part of its new advisory, SonicWall issued a new CVE identifier for the fix: CVE-2021-20019

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

SonicWall Fixes Incomplete Patch for CVE-2020-5135 On June...

Recent Discussions

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Microsoft Patch Tuesday 2025 Year in Review

Americas

Europe

Asia / Australia