CVE-2020-5130 — Improper Input Validation in Sonicos

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.6%

top 31.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall Sonicos

Timeline

PublishedJul 17

Latest updateMay 24

Description

SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsonicwall/sonicos6.5.4.4-44n

▶CVEListV5sonicwall/sonicos6.5.4.4-44n and earlier

🔴Vulnerability Details

GHSA

GHSA-4ggw-3x5g-hjm6: SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request↗2022-05-24

▶

CVEList

CVE-2020-5130: SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request↗2020-07-17

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Web Listener (LibXML2) — CVE-2017-5130↗2020-04-15

▶