CVE-2020-5132

5.3MEDIUM

Key Information:

Vendor: Sonicwall
Status: Sma100; Sma1000; Sonicos
Vendor: CVE Published:; 30 September 2020

Summary

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.

Affected Version(s)

SMA100 SMA100 10.2.0.2-20sv

SMA1000 SMA1000 12.4.0-2223

SonicOS SonicOS 6.5.4.6-79n

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 30, 2020
Vulnerability Reserved
Dec 31, 2019

Collectors

NVD DatabaseMitre Database