Sign-up

ID

VAR-202007-1291


CVE

CVE-2020-5131


TITLE

SonicWall NetExtender Windows Input verification vulnerability in client

Trust: 0.8

sources: JVNDB: JVNDB-2020-008295

DESCRIPTION

SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. SonicWall NetExtender Windows The client is vulnerable to input verification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. SonicWall NetExtender Windows client is a Windows-based SSL VPN (virtual private network) client application developed by SonicWall in the United States

Trust: 1.71

sources: NVD: CVE-2020-5131 // JVNDB: JVNDB-2020-008295 // VULHUB: VHN-183256

AFFECTED PRODUCTS

vendor:sonicwallmodel:netextenderscope:lteversion:9.0.815

Trust: 1.0

vendor:sonicwallmodel:netextenderscope:eqversion:9.0.815

Trust: 0.8

sources: JVNDB: JVNDB-2020-008295 // NVD: CVE-2020-5131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5131
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008295
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1276
value: HIGH

Trust: 0.6

VULHUB: VHN-183256
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5131
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008295
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183256
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5131
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008295
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183256 // JVNDB: JVNDB-2020-008295 // CNNVD: CNNVD-202007-1276 // NVD: CVE-2020-5131

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-183256 // JVNDB: JVNDB-2020-008295 // NVD: CVE-2020-5131

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1276

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1276

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008295

PATCH
title:SNWLID-2020-0004url:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0004
Trust: 0.8
title:SonicWall NetExtender Windows client Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124957
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008295 // 
            
            
            
            CNNVD: CNNVD-202007-1276

EXTERNAL IDS
db:NVDid:CVE-2020-5131
Trust: 2.5
db:JVNDBid:JVNDB-2020-008295
Trust: 0.8
db:CNNVDid:CNNVD-202007-1276
Trust: 0.7
db:CNVDid:CNVD-2020-44619
Trust: 0.1
db:VULHUBid:VHN-183256
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183256 // 
            
            
            
            JVNDB: JVNDB-2020-008295 // 
            
            
            
            CNNVD: CNNVD-202007-1276 // 
            
            
            
            NVD: CVE-2020-5131

REFERENCES
url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0004
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5131
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5131
Trust: 0.8
sources:
            
            
            VULHUB: VHN-183256 // 
            
            
            
            JVNDB: JVNDB-2020-008295 // 
            
            
            
            CNNVD: CNNVD-202007-1276 // 
            
            
            
            NVD: CVE-2020-5131

SOURCES
db:VULHUBid:VHN-183256
db:JVNDBid:JVNDB-2020-008295
db:CNNVDid:CNNVD-202007-1276
db:NVDid:CVE-2020-5131

LAST UPDATE DATE
2024-11-23T22:44:28.597000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-183256date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-008295date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1276date:2020-07-29T00:00:00
db:NVDid:CVE-2020-5131date:2024-11-21T05:33:36.080

SOURCES RELEASE DATE
db:VULHUBid:VHN-183256date:2020-07-17T00:00:00
db:JVNDBid:JVNDB-2020-008295date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1276date:2020-07-17T00:00:00
db:NVDid:CVE-2020-5131date:2020-07-17T18:15:12.973