Sign-up

ID

VAR-202007-1290


CVE

CVE-2020-5130


TITLE

SonicOS SSLVPN LDAP Vulnerability regarding input verification in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008294

DESCRIPTION

SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. SonicOS SSLVPN LDAP There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. SonicWall SonicOS is a set of operating system specially designed for SonicWall firewall equipment of SonicWall Company in the United States. An input validation error vulnerability exists in SonicWall SonicOS 6.5.4.4-44n and prior versions. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.71

sources: NVD: CVE-2020-5130 // JVNDB: JVNDB-2020-008294 // VULHUB: VHN-183255

AFFECTED PRODUCTS

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.4.4-44n

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:eqversion:6.5.4.4-44n

Trust: 0.8

sources: JVNDB: JVNDB-2020-008294 // NVD: CVE-2020-5130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5130
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008294
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1275
value: MEDIUM

Trust: 0.6

VULHUB: VHN-183255
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5130
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008294
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183255
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5130
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008294
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183255 // JVNDB: JVNDB-2020-008294 // CNNVD: CNNVD-202007-1275 // NVD: CVE-2020-5130

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-183255 // JVNDB: JVNDB-2020-008294 // NVD: CVE-2020-5130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1275

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1275

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008294

PATCH
title:SNWLID-2020-0003url:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0003
Trust: 0.8
title:SonicWall SonicOS Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124263
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008294 // 
            
            
            
            CNNVD: CNNVD-202007-1275

EXTERNAL IDS
db:NVDid:CVE-2020-5130
Trust: 2.5
db:JVNDBid:JVNDB-2020-008294
Trust: 0.8
db:CNNVDid:CNNVD-202007-1275
Trust: 0.7
db:CNVDid:CNVD-2020-44904
Trust: 0.1
db:VULHUBid:VHN-183255
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183255 // 
            
            
            
            JVNDB: JVNDB-2020-008294 // 
            
            
            
            CNNVD: CNNVD-202007-1275 // 
            
            
            
            NVD: CVE-2020-5130

REFERENCES
url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0003
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5130
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5130
Trust: 0.8
sources:
            
            
            VULHUB: VHN-183255 // 
            
            
            
            JVNDB: JVNDB-2020-008294 // 
            
            
            
            CNNVD: CNNVD-202007-1275 // 
            
            
            
            NVD: CVE-2020-5130

SOURCES
db:VULHUBid:VHN-183255
db:JVNDBid:JVNDB-2020-008294
db:CNNVDid:CNNVD-202007-1275
db:NVDid:CVE-2020-5130

LAST UPDATE DATE
2024-08-14T15:12:16.035000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-183255date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-008294date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1275date:2020-07-23T00:00:00
db:NVDid:CVE-2020-5130date:2020-07-22T15:07:05.257

SOURCES RELEASE DATE
db:VULHUBid:VHN-183255date:2020-07-17T00:00:00
db:JVNDBid:JVNDB-2020-008294date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1275date:2020-07-17T00:00:00
db:NVDid:CVE-2020-5130date:2020-07-17T18:15:12.893