Vulnerability Details CVE-2020-5132
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.3%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2020-5132
-
cpe:2.3:h:sonicwall:sma100:-
-
cpe:2.3:o:sonicwall:sma100_firmware:10.2.0.2-20sv
-
cpe:2.3:o:sonicwall:sma100_firmware:12.4.0-2223
-
cpe:2.3:o:sonicwall:sonicos:6.5.4.6-79n