CVE-2020-5132

Published: Sep 30, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.

Affected (3)

Products: Sonicwall: Sma100 Firmware, Sonicos

2 products

Sma100 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sonicwall Sma100 Firmware	Version 10.2.0.2-20sv
Sonicwall Sma100 Firmware	Version 12.4.0-2223

Running on/with	Platform Versions
Sonicwall Sma100	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Sonicos	Version 6.5.4.6-79n

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006

Source: PSIRT@sonicwall.com

Vendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.