Details of VAR-202010-1196

ID

VAR-202010-1196

CVE

CVE-2020-5144

TITLE

SonicWall Global VPN client Untrusted search path vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012972

DESCRIPTION

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability. SonicWall Global VPN client Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SonicWall Global VPN client is a Vpn software developed by SonicWall in the United States and used in conjunction with SonicWALL firewalls. The software enables remote employees and suppliers to access the company's network

Trust: 1.8

sources: NVD: CVE-2020-5144 // JVNDB: JVNDB-2020-012972 // VULHUB: VHN-183269 // VULMON: CVE-2020-5144

AFFECTED PRODUCTS

vendor:	sonicwall	model:	global vpn client	scope:	lte	version:	4.10.4.0314	Trust: 1.0
vendor:	sonicwall	model:	global vpn client	scope:	lte	version:	4.10.4.0314 and earlier	Trust: 0.8
vendor:	sonicwall	model:	global vpn client	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012972 // NVD: CVE-2020-5144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5144
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-5144
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1578
value:	HIGH
Trust: 0.6
VULHUB:	VHN-183269
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-5144
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5144
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-183269
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5144
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-5144
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183269 // VULMON: CVE-2020-5144 // JVNDB: JVNDB-2020-012972 // CNNVD: CNNVD-202010-1578 // NVD: CVE-2020-5144

PROBLEMTYPE DATA

problemtype:	CWE-426	Trust: 1.1
problemtype:	Untrusted search path (CWE-426) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-183269 // JVNDB: JVNDB-2020-012972 // NVD: CVE-2020-5144

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1578

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-1578

PATCH

title:	SNWLID-2020-0020	url:	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020	Trust: 0.8
title:	SonicWall Global VPN client Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131894	Trust: 0.6
title:	主流供应商的一些攻击性漏洞汇总	url:	https://github.com/r0eXpeR/supplier	Trust: 0.1

sources: VULMON: CVE-2020-5144 // JVNDB: JVNDB-2020-012972 // CNNVD: CNNVD-202010-1578

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5144	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012972	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1578	Trust: 0.7
db:	CNVD	id:	CNVD-2020-60464	Trust: 0.1
db:	VULHUB	id:	VHN-183269	Trust: 0.1
db:	VULMON	id:	CVE-2020-5144	Trust: 0.1

sources: VULHUB: VHN-183269 // VULMON: CVE-2020-5144 // JVNDB: JVNDB-2020-012972 // CNNVD: CNNVD-202010-1578 // NVD: CVE-2020-5144

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0020	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5144	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/426.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/r0exper/supplier	Trust: 0.1

sources: VULHUB: VHN-183269 // VULMON: CVE-2020-5144 // JVNDB: JVNDB-2020-012972 // CNNVD: CNNVD-202010-1578 // NVD: CVE-2020-5144

SOURCES

db:	VULHUB	id:	VHN-183269
db:	VULMON	id:	CVE-2020-5144
db:	JVNDB	id:	JVNDB-2020-012972
db:	CNNVD	id:	CNNVD-202010-1578
db:	NVD	id:	CVE-2020-5144

LAST UPDATE DATE

2024-11-23T22:21:00.961000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183269	date:	2020-11-03T00:00:00
db:	VULMON	id:	CVE-2020-5144	date:	2020-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-012972	date:	2021-06-16T03:09:00
db:	CNNVD	id:	CNNVD-202010-1578	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-5144	date:	2024-11-21T05:33:37.483

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183269	date:	2020-10-28T00:00:00
db:	VULMON	id:	CVE-2020-5144	date:	2020-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-012972	date:	2021-06-16T00:00:00
db:	CNNVD	id:	CNNVD-202010-1578	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2020-5144	date:	2020-10-28T11:15:12.100