Unrated severityNVD Advisory· Published Sep 30, 2020· Updated Aug 4, 2024

CVE-2020-5132

Description

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.

Affected products

SonicWall/SMA100cpe-rescue2 versions
SMA100 10.2.0.2-20sv+ 1 more
- (no CPE)range: SMA100 10.2.0.2-20sv
- (no CPE)range: SMA1000 12.4.0-2223
SonicWall/Sonicoscpe-rescue
Range: SonicOS 6.5.4.6-79n

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000