Vulnerabilities > CVE-2020-5143 - Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
sonicwall
CWE-203
NVD
Published: 2020-10-12
Updated: 2020-10-23

Summary

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Vulnerable Configurations

Part Description Count
OS
Sonicwall
50

Common Weakness Enumeration (CWE)

References