OVERVIEW
Advisory ID SNWLID-2020-0003
First Published 2020-07-16
Last Updated 2020-07-16
Workaround false
Status Applicable
CVE CVE-2020-5130
CWE CWE-20
CVSS v3 5.8
CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
SUMMARY
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier.
AFFECTED PRODUCT(S)
SonicOS 6.5.4.4-44n and earlier
CPE(S)
WORKAROUND
FIXED SOFTWARE
SonicOS 6.5.4.6-79n
COMMENTS
CREDIT(S)
Ken Pyle
REVISION HISTORY
Version
1.0
Date
16-July-2020
Description
Initial Release.