CVE-2020-5145
published 2020-10-28CVE-2020-5145: SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead…
PriorityP342high8.6CVSS 3.1
AVLACLPRNUIRSCCHIHAH
EPSS
1.19%
64.1th percentile
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | global_vpn_client | <= 4.10.4.0314 | — |
| sonicwall | sonicwall_global_vpn_client | — | — |
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wc6x-3m7q-96pv: SonicWall Global VPN client version 4
ghsa_unreviewed·2022-05-24
CVE-2020-5145 [HIGH] CWE-427 GHSA-wc6x-3m7q-96pv: SonicWall Global VPN client version 4
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
SonicWall
CVE-2020-5145: SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation co
vendor_sonicwall·2020-10-28·CVSS 8.6
CVE-2020-5145 [HIGH] CWE-427 CVE-2020-5145: SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation co
CVE-2020-5145: SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-10-28
Published