Vulnerability-Lookup

CVE-2020-5144 (GCVE-0-2020-5144)

Vulnerability from cvelistv5 – Published: 2020-10-28 10:40 – Updated: 2024-08-04 08:22

Summary

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-426 - Untrusted Search Path

Assigner

sonicwall

References

1 reference

URL	Tags
https://psirt.global.sonicwall.com/vuln-detail/SN…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
SonicWall	SonicWall Global VPN Client	Affected: 4.10.4.0314 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:08.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SonicWall Global VPN Client",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "4.10.4.0314 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426: Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-28T10:40:15.000Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2020-5144",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SonicWall Global VPN Client",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.10.4.0314 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SonicWall"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-426: Untrusted Search Path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2020-5144",
    "datePublished": "2020-10-28T10:40:15.000Z",
    "dateReserved": "2019-12-31T00:00:00.000Z",
    "dateUpdated": "2024-08-04T08:22:08.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-5144",
      "date": "2026-06-03",
      "epss": "0.00061",
      "percentile": "0.19238"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sonicwall:global_vpn_client:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.10.4.0314\", \"matchCriteriaId\": \"C24D47A1-7E1A-4D13-8385-800AEE1DDA99\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Un cliente de SonicWall Global VPN versiones 4.10.4.0314 y anteriores, permite a usuarios de Windows sin privilegios escalar privilegios a SYSTEM por medio de una vulnerabilidad de secuestro de un proceso cargado\"}]",
      "id": "CVE-2020-5144",
      "lastModified": "2024-11-21T05:33:37.483",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-10-28T11:15:12.100",
      "references": "[{\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020\", \"source\": \"PSIRT@sonicwall.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "PSIRT@sonicwall.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"PSIRT@sonicwall.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5144\",\"sourceIdentifier\":\"PSIRT@sonicwall.com\",\"published\":\"2020-10-28T11:15:12.100\",\"lastModified\":\"2024-11-21T05:33:37.483\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.\"},{\"lang\":\"es\",\"value\":\"Un cliente de SonicWall Global VPN versiones 4.10.4.0314 y anteriores, permite a usuarios de Windows sin privilegios escalar privilegios a SYSTEM por medio de una vulnerabilidad de secuestro de un proceso cargado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"PSIRT@sonicwall.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:global_vpn_client:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.10.4.0314\",\"matchCriteriaId\":\"C24D47A1-7E1A-4D13-8385-800AEE1DDA99\"}]}]}],\"references\":[{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020\",\"source\":\"PSIRT@sonicwall.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-686

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Sonicwall. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Sonicwall	N/A	Client SonicWall Global VPN versions antérieures à 4.10.5.1021

References

Title

Publication Time

CERTFR-2020-AVI-686

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Sonicwall. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Sonicwall	N/A	Client SonicWall Global VPN versions antérieures à 4.10.5.1021

References

Title

Publication Time

CNVD-2020-60464

Vulnerability from cnvd - Published: 2020-11-04

Title

SonicWALL Global VPN Client加载进程劫持漏洞

Description

SonicWall Global VPN client是美国SonicWall公司的一款与SonicWALL防火墙配合使用的Vpn软件。该软件可使远程员工和供应商访问公司的网络。 SonicWall Global VPN client 4.10.4.0314版本及之前版本存在安全漏洞，该漏洞源于允许无特权的windows用户通过加载进程劫持漏洞提升特权到系统。目前没有详细漏洞细节提供。

Severity

中

Patch Name

SonicWALL Global VPN Client加载进程劫持漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-5144

Impacted products

Name
SonicWall SonicWALL Global VPN Client <=4.10.4.0314

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5144",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-5144"
    }
  },
  "description": "SonicWall Global VPN client\u662f\u7f8e\u56fdSonicWall\u516c\u53f8\u7684\u4e00\u6b3e\u4e0eSonicWALL\u9632\u706b\u5899\u914d\u5408\u4f7f\u7528\u7684Vpn\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u4f7f\u8fdc\u7a0b\u5458\u5de5\u548c\u4f9b\u5e94\u5546\u8bbf\u95ee\u516c\u53f8\u7684\u7f51\u7edc\u3002\n\nSonicWall Global VPN client 4.10.4.0314\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5141\u8bb8\u65e0\u7279\u6743\u7684windows\u7528\u6237\u901a\u8fc7\u52a0\u8f7d\u8fdb\u7a0b\u52ab\u6301\u6f0f\u6d1e\u63d0\u5347\u7279\u6743\u5230\u7cfb\u7edf\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-60464",
  "openTime": "2020-11-04",
  "patchDescription": "SonicWall Global VPN client\u662f\u7f8e\u56fdSonicWall\u516c\u53f8\u7684\u4e00\u6b3e\u4e0eSonicWALL\u9632\u706b\u5899\u914d\u5408\u4f7f\u7528\u7684Vpn\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u4f7f\u8fdc\u7a0b\u5458\u5de5\u548c\u4f9b\u5e94\u5546\u8bbf\u95ee\u516c\u53f8\u7684\u7f51\u7edc\u3002\r\n\r\nSonicWall Global VPN client 4.10.4.0314\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5141\u8bb8\u65e0\u7279\u6743\u7684windows\u7528\u6237\u901a\u8fc7\u52a0\u8f7d\u8fdb\u7a0b\u52ab\u6301\u6f0f\u6d1e\u63d0\u5347\u7279\u6743\u5230\u7cfb\u7edf\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SonicWALL Global VPN Client\u52a0\u8f7d\u8fdb\u7a0b\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SonicWall SonicWALL Global VPN Client \u003c=4.10.4.0314"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-5144",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-29",
  "title": "SonicWALL Global VPN Client\u52a0\u8f7d\u8fdb\u7a0b\u52ab\u6301\u6f0f\u6d1e"
}

FKIE_CVE-2020-5144

Vulnerability from fkie_nvd - Published: 2020-10-28 11:15 - Updated: 2024-11-21 05:33

Severity

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

References

	URL	Tags
	PSIRT@sonicwall.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020	Vendor Advisory

Impacted products

	Vendor	Product	Version
	sonicwall	global_vpn_client	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:global_vpn_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24D47A1-7E1A-4D13-8385-800AEE1DDA99",
              "versionEndIncluding": "4.10.4.0314",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
    },
    {
      "lang": "es",
      "value": "Un cliente de SonicWall Global VPN versiones 4.10.4.0314 y anteriores, permite a usuarios de Windows sin privilegios escalar privilegios a SYSTEM por medio de una vulnerabilidad de secuestro de un proceso cargado"
    }
  ],
  "id": "CVE-2020-5144",
  "lastModified": "2024-11-21T05:33:37.483",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-28T11:15:12.100",
  "references": [
    {
      "source": "PSIRT@sonicwall.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
    }
  ],
  "sourceIdentifier": "PSIRT@sonicwall.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "PSIRT@sonicwall.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CHFF-F3VG-4G9C

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32

Details

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-28T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.",
  "id": "GHSA-chff-f3vg-4g9c",
  "modified": "2022-05-24T17:32:42Z",
  "published": "2022-05-24T17:32:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5144"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-5144

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

Aliases

CVE-2020-5144

Aliases

CVE-2020-5144

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5144",
    "description": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.",
    "id": "GSD-2020-5144"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5144"
      ],
      "details": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.",
      "id": "GSD-2020-5144",
      "modified": "2023-12-13T01:22:03.706175Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT@sonicwall.com",
        "ID": "CVE-2020-5144",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SonicWall Global VPN Client",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.10.4.0314 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SonicWall"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-426: Untrusted Search Path"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020",
            "refsource": "CONFIRM",
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_vpn_client:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.10.4.0314",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT@sonicwall.com",
          "ID": "CVE-2020-5144"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-11-03T13:21Z",
      "publishedDate": "2020-10-28T11:15Z"
    }
  }
}

VAR-202010-1196

Vulnerability from variot - Updated: 2024-02-13 01:44

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. SonicWall Global VPN client Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SonicWall Global VPN client is a Vpn software developed by SonicWall in the United States and used in conjunction with SonicWALL firewalls. The software enables remote employees and suppliers to access the company's network

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1196",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "global vpn client",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "4.10.4.0314"
      },
      {
        "model": "global vpn client",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": "4.10.4.0314  and earlier"
      },
      {
        "model": "global vpn client",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sonicwall",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:global_vpn_client:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.10.4.0314",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "cve": "CVE-2020-5144",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2020-5144",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-183269",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-5144",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-5144",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202010-1578",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-183269",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-5144",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183269"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. SonicWall Global VPN client Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SonicWall Global VPN client is a Vpn software developed by SonicWall in the United States and used in conjunction with SonicWALL firewalls. The software enables remote employees and suppliers to access the company\u0027s network",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "db": "VULHUB",
        "id": "VHN-183269"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5144"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-5144",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1578",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-60464",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-183269",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5144",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183269"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "id": "VAR-202010-1196",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183269"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T01:44:27.683000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SNWLID-2020-0020",
        "trust": 0.8,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0020"
      },
      {
        "title": "SonicWall Global VPN client Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131894"
      },
      {
        "title": "\u4e3b\u6d41\u4f9b\u5e94\u5546\u7684\u4e00\u4e9b\u653b\u51fb\u6027\u6f0f\u6d1e\u6c47\u603b",
        "trust": 0.1,
        "url": "https://github.com/r0exper/supplier "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-5144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-426",
        "trust": 1.1
      },
      {
        "problemtype": "Untrusted search path (CWE-426) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0020"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5144"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/426.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/r0exper/supplier"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-183269"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-183269"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-5144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-183269"
      },
      {
        "date": "2020-10-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5144"
      },
      {
        "date": "2021-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "date": "2020-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      },
      {
        "date": "2020-10-28T11:15:12.100000",
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-183269"
      },
      {
        "date": "2020-11-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-5144"
      },
      {
        "date": "2021-06-16T03:09:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      },
      {
        "date": "2020-11-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      },
      {
        "date": "2020-11-03T13:21:18.927000",
        "db": "NVD",
        "id": "CVE-2020-5144"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SonicWall\u00a0Global\u00a0VPN\u00a0client\u00a0 Untrusted search path vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012972"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-1578"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5144 (GCVE-0-2020-5144)

CERTFR-2020-AVI-686

Solution

CERTFR-2020-AVI-686

Solution

CNVD-2020-60464

FKIE_CVE-2020-5144

GHSA-CHFF-F3VG-4G9C

GSD-2020-5144

VAR-202010-1196

Tags

Sightings

Nomenclature