Lucene search

[email protected]NVD:CVE-2020-15077

HistoryJun 04, 2021 - 11:15 a.m.

CVE-2020-15077

2021-06-0411:15:07

CWE-305

CWE-287

[email protected]

web.nvd.nist.gov

openvpn

access server

vulnerability

authentication

bypass

information leaks

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

48.7%

JSON

OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Affected configurations

Nvd

Node

openvpnopenvpn_access_serverRange≤2.8.7

VendorProductVersionCPE
openvpnopenvpn_access_server*cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openvpn	openvpn_access_server	*	cpe:2.3:a:openvpn:openvpn_access_server::::::::

References

openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/

openvpn.net/vpn-server-resources/release-notes/

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

48.7%

JSON

Related for NVD:CVE-2020-15077

cvelist1 cve1 prion1