Details of VAR-202010-1197

ID

VAR-202010-1197

CVE

CVE-2020-5145

TITLE

SonicWall Global VPN client Vulnerability in Uncontrolled Search Path Elements

Trust: 0.8

sources: JVNDB: JVNDB-2020-012724

DESCRIPTION

SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system. SonicWall Global VPN client There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SonicWall Global VPN client is a Vpn software developed by SonicWall in the United States and used in conjunction with SonicWALL firewalls. The software enables remote employees and suppliers to access the company's network

Trust: 1.8

sources: NVD: CVE-2020-5145 // JVNDB: JVNDB-2020-012724 // VULHUB: VHN-183270 // VULMON: CVE-2020-5145

AFFECTED PRODUCTS

vendor:	sonicwall	model:	global vpn client	scope:	lte	version:	4.10.4.0314	Trust: 1.0
vendor:	sonicwall	model:	global vpn client	scope:	eq	version:	-	Trust: 0.8
vendor:	sonicwall	model:	global vpn client	scope:	lte	version:	4.10.4.0314 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2020-012724 // NVD: CVE-2020-5145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5145
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-5145
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1576
value:	HIGH
Trust: 0.6
VULHUB:	VHN-183270
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-5145
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5145
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-183270
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5145
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2020-5145
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183270 // VULMON: CVE-2020-5145 // JVNDB: JVNDB-2020-012724 // CNNVD: CNNVD-202010-1576 // NVD: CVE-2020-5145

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-183270 // JVNDB: JVNDB-2020-012724 // NVD: CVE-2020-5145

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1576

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-1576

PATCH

title:	SNWLID-2020-0021	url:	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021	Trust: 0.8
title:	SonicWall SonicWall Global VPN client Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131893	Trust: 0.6

sources: JVNDB: JVNDB-2020-012724 // CNNVD: CNNVD-202010-1576

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5145	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012724	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1576	Trust: 0.6
db:	CNVD	id:	CNVD-2020-60089	Trust: 0.1
db:	VULHUB	id:	VHN-183270	Trust: 0.1
db:	VULMON	id:	CVE-2020-5145	Trust: 0.1

sources: VULHUB: VHN-183270 // VULMON: CVE-2020-5145 // JVNDB: JVNDB-2020-012724 // CNNVD: CNNVD-202010-1576 // NVD: CVE-2020-5145

REFERENCES

url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2020-0021	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5145	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/427.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-183270 // VULMON: CVE-2020-5145 // JVNDB: JVNDB-2020-012724 // CNNVD: CNNVD-202010-1576 // NVD: CVE-2020-5145

SOURCES

db:	VULHUB	id:	VHN-183270
db:	VULMON	id:	CVE-2020-5145
db:	JVNDB	id:	JVNDB-2020-012724
db:	CNNVD	id:	CNNVD-202010-1576
db:	NVD	id:	CVE-2020-5145

LAST UPDATE DATE

2024-11-23T21:51:14.812000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183270	date:	2020-10-30T00:00:00
db:	VULMON	id:	CVE-2020-5145	date:	2020-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-012724	date:	2021-05-24T08:00:00
db:	CNNVD	id:	CNNVD-202010-1576	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-5145	date:	2024-11-21T05:33:37.587

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183270	date:	2020-10-28T00:00:00
db:	VULMON	id:	CVE-2020-5145	date:	2020-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-012724	date:	2021-05-24T00:00:00
db:	CNNVD	id:	CNNVD-202010-1576	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2020-5145	date:	2020-10-28T11:15:12.270