Information disclosure in Sonicwall Sma100

CVE-2020-5132

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the S…

Vulnerability class: Information Disclosure

EPSS: 0.002 (38.6th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sma100 — versions SMA100 10.2.0.2-20sv
Sonicwall Sma1000 — versions SMA1000 12.4.0-2223
Sonicwall Sonicos — versions SonicOS 6.5.4.6-79n

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0006 (x_refsource_CONFIRM)