CVE-2020-5130
Published 2020-07-17
CVE-2020-5130: SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This…
Priority P425 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:L
EPSS: 1.25% (65.7th percentile)
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sonicos | <= 6.5.4.4-44n | — |
| sonicwall | sonicos | — | — |
CVSS provenance
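| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_oracle | — | 8.8 | HIGH | — |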
GHSA
GHSA-4ggw-3x5g-hjm6: SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request
ghsa_unreviewed·2022-05-24
CVE-2020-5130 [MEDIUM] GHSA-4ggw-3x5g-hjm6: SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier.
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Web Listener (LibXML2) — CVE-2017-5130
vendor_oracle·2020-04-15·CVSS 8.8
CVE-2017-5130 [HIGH] Oracle Oracle Fusion Middleware Risk Matrix: Web Listener (LibXML2) — CVE-2017-5130
Oracle Oracle Fusion Middleware Risk Matrix: Web Listener (LibXML2) vulnerability
CVE: CVE-2017-5130
CVSS: 8.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2020 (APR 2020)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.