CVE-2020-5132
N/A
N/A
Summary
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SonicWall | SMA100 | SMA100 10.2.0.2-20sv | affected |
| SonicWall | SMA1000 | SMA1000 12.4.0-2223 | affected |
| SonicWall | SonicOS | SonicOS 6.5.4.6-79n | affected |
Weaknesses
- CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.