CVE-2020-5142
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en la interfaz web SSLVPN de SonicOS. Un atacante remoto no autenticado puede almacenar y potencialmente ejecutar código JavaScript arbitrario en el portal SSLVPN del firewall. Esta vulnerabilidad afectó a SonicOS Gen 5 versiones 5.9.1.7, 5.9.1.13, Gen 6 versiones 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv versión 6.5.4.v y SonicOS Gen 7 versión 7.0.0.0
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-31 CVE Reserved
- 2020-10-12 CVE Published
- 2023-10-16 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0017 | 2020-10-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | <= 5.9.1.13 Search vendor "Sonicwall" for product "Sonicos" and version " <= 5.9.1.13" | - |
Affected
| ||||||
Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | >= 6.0.0.0 <= 6.0.5.3 Search vendor "Sonicwall" for product "Sonicos" and version " >= 6.0.0.0 <= 6.0.5.3" | - |
Affected
| ||||||
Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | >= 6.5.0.0 <= 6.5.1.11 Search vendor "Sonicwall" for product "Sonicos" and version " >= 6.5.0.0 <= 6.5.1.11" | - |
Affected
| ||||||
Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | >= 6.5.4.0 <= 6.5.4.7 Search vendor "Sonicwall" for product "Sonicos" and version " >= 6.5.4.0 <= 6.5.4.7" | - |
Affected
| ||||||
Sonicwall Search vendor "Sonicwall" | Sonicos Search vendor "Sonicwall" for product "Sonicos" | 7.0.0.0 Search vendor "Sonicwall" for product "Sonicos" and version "7.0.0.0" | - |
Affected
| ||||||
Sonicwall Search vendor "Sonicwall" | Sonicosv Search vendor "Sonicwall" for product "Sonicosv" | <= 6.5.4.4 Search vendor "Sonicwall" for product "Sonicosv" and version " <= 6.5.4.4" | - |
Affected
|