Vulnerabilities > CVE-2020-5143 - Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sonicwall

CWE-203

NVD

Published: 2020-10-12

Updated: 2020-10-23

Summary

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Vulnerable Configurations

Part	Description	Count
OS	Sonicwall Sonicwall Sonicos 5.0.0.0 Sonicwall Sonicos 5.0.0.6 Sonicwall Sonicos 5.0.0.8 Sonicwall Sonicos 5.0.0.13 Sonicwall Sonicos 5.8.0.2 Sonicwall Sonicos 5.8.1.5 Sonicwall Sonicos 5.8.1.10 Sonicwall Sonicos 5.9.0.0 Sonicwall Sonicos 5.9.1.0 Sonicwall Sonicos 5.9.1.10 Sonicwall Sonicos * Sonicwall Sonicos 6.5.1.3 Sonicwall Sonicos 6.5.1.5 Sonicwall Sonicos 6.5.4.0 Sonicwall Sonicos 6.5.4.3 Sonicwall Sonicos 6.5.4.4 Sonicwall Sonicos 6.5.4.4-44N Sonicwall Sonicos 6.5.4.5 Sonicwall Sonicos 6.5.4.7 Sonicwall Sonicos 7.0.0.0 Sonicwall Sonicosv *	21

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0018