Details of VAR-202009-1341

ID

VAR-202009-1341

CVE

CVE-2020-5132

TITLE

SonicWall SSL-VPN Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-011847

DESCRIPTION

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. SonicWall SSL-VPN The product contains unspecified vulnerabilities.Information may be obtained. sonicwall ssl-vpn (sonicwall ssl-vpn, vpn) is a VPN connection solution of SonicWALL. This product is used for remote secure connections

Trust: 1.71

sources: NVD: CVE-2020-5132 // JVNDB: JVNDB-2020-011847 // VULHUB: VHN-183257

AFFECTED PRODUCTS

vendor:	sonicwall	model:	sma100	scope:	eq	version:	10.2.0.2-20sv	Trust: 1.0
vendor:	sonicwall	model:	sma100	scope:	eq	version:	12.4.0-2223	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.5.4.6-79n	Trust: 1.0
vendor:	sonicwall	model:	sma100	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sonicos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-011847 // NVD: CVE-2020-5132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5132
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-5132
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202009-1688
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-183257
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5132
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-183257
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5132
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-5132
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183257 // JVNDB: JVNDB-2020-011847 // CNNVD: CNNVD-202009-1688 // NVD: CVE-2020-5132

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011847 // NVD: CVE-2020-5132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1688

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202009-1688

PATCH

title:	SNWLID-2020-0006	url:	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006	Trust: 0.8
title:	SonicWall SSL-VPN , SonicWall firewall SSL-VPN Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130291	Trust: 0.6

sources: JVNDB: JVNDB-2020-011847 // CNNVD: CNNVD-202009-1688

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5132	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-011847	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-1688	Trust: 0.6
db:	VULHUB	id:	VHN-183257	Trust: 0.1

sources: VULHUB: VHN-183257 // JVNDB: JVNDB-2020-011847 // CNNVD: CNNVD-202009-1688 // NVD: CVE-2020-5132

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0006	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5132	Trust: 1.4

sources: VULHUB: VHN-183257 // JVNDB: JVNDB-2020-011847 // CNNVD: CNNVD-202009-1688 // NVD: CVE-2020-5132

SOURCES

db:	VULHUB	id:	VHN-183257
db:	JVNDB	id:	JVNDB-2020-011847
db:	CNNVD	id:	CNNVD-202009-1688
db:	NVD	id:	CVE-2020-5132

LAST UPDATE DATE

2024-08-14T15:07:03.741000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183257	date:	2020-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-011847	date:	2021-04-16T06:55:00
db:	CNNVD	id:	CNNVD-202009-1688	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-5132	date:	2020-10-07T14:40:52.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183257	date:	2020-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-011847	date:	2021-04-16T00:00:00
db:	CNNVD	id:	CNNVD-202009-1688	date:	2020-09-30T00:00:00
db:	NVD	id:	CVE-2020-5132	date:	2020-09-30T06:15:12.953