PT-2020-18272 · Sonicwall · Sonicwall Ssl Vpn+1

Published: 2020-09-30 · Updated: 2020-10-07 · CVE-2020-5132

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SonicWall SSL-VPN products (affected versions not specified)
SonicWall firewall SSL-VPN feature (affected versions not specified)

Description

The issue is related to a misconfiguration in SonicWall SSL-VPN products and the SonicWall firewall SSL-VPN feature, which can lead to a DNS flaw known as a domain name collision vulnerability. This occurs when users publicly display their organization's internal domain names on the SSL-VPN authentication page. An attacker with knowledge of internal domain names can potentially exploit this vulnerability.

Recommendations

For SonicWall SSL-VPN products, consider restricting access to the SSL-VPN authentication page to prevent public display of internal domain names until a proper configuration is in place. For the SonicWall firewall SSL-VPN feature, restrict the use of the SSL-VPN feature to minimize the risk of exploitation, and review the configuration to ensure internal domain names are not publicly exposed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
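
One way to carry out the configuration review recommended above, as an added example that is not part of the advisory or any SonicWall tooling: it scans a saved copy of your own authentication page for domain names and separates plain disclosure from names in a public namespace the organization does not control. The page markup, the `owned_domains` input and the risk labels are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser

# Special-use suffixes nobody can register in public DNS (RFC 6761/6762/8375).
RESERVED = ("home.arpa", "local", "test", "invalid", "localhost")
NAME_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


# Gathers visible text and <option value=...> strings from a page.
class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "option":
            self.chunks += [v for k, v in attrs if k == "value" and v]

    def handle_data(self, data):
        self.chunks.append(data)


def _under(name, suffix):
    return name == suffix or name.endswith("." + suffix)


def audit_login_page(html, owned_domains):
    """Map each domain name shown on the page to a risk class."""
    collector = _Collector()
    collector.feed(html)
    findings = {}
    for name in NAME_RE.findall(" ".join(collector.chunks)):
        name = name.lower()
        if any(_under(name, d) for d in owned_domains):
            findings[name] = "exposed-owned"  # disclosure only
        elif any(_under(name, s) for s in RESERVED):
            findings[name] = "exposed-reserved"  # disclosure only
        else:
            findings[name] = "exposed-collision-risk"  # namespace not controlled
    return findings

# Constructed sample markup (hypothetical, not from any SonicWall product).
# example.net stands in for a public name the organization does not control.
SAMPLE = """<form><label>Domain</label><select name="domain">
<option value="LocalDomain">LocalDomain</option>
<option value="corp.example.com">corp.example.com</option>
<option value="ad.example.net">ad.example.net</option>
<option value="ad.home.arpa">ad.home.arpa</option>
</select></form>"""
```

Calling `audit_login_page(SAMPLE, {"example.com"})` returns one entry per displayed domain name; any entry at all means the page is disclosing internal naming, and `exposed-collision-risk` entries are the ones to fix first.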

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2020-5132

Affected Products

Sonicwall Ssl Vpn
Sonicwall Firewall