Vulnerability Name: | CVE-2020-15074 (CCN-185672) | ||||||||||||
Assigned: | 2020-07-02 | ||||||||||||
Published: | 2020-07-02 | ||||||||||||
Updated: | 2021-11-23 | ||||||||||||
Summary: | OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-613 | ||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-15074 Source: XF Type: UNKNOWN openvpn-cve202015074-sec-bypass(185672) Source: CCN Type: OpenVPN Web site Release notes for OpenVPN Access Server 2.8.5 Source: CONFIRM Type: Release Notes, Vendor Advisory https://openvpn.net/vpn-server-resources/release-notes/ | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |