Back to search
CVE-2020-5148
Published: Mar 5, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls.
| Vendor | Product | Versions |
|---|---|---|
SonicWall | Directory Services Connector | affected 4.1.17 and earlier |
Weaknesses (CWE)
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0003
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now