Vulnerability CVE-2021-20230

Vulnerability Name:

CVE-2021-20230 (CCN-197302)

Assigned:

2020-10-11

Published:

2020-10-11

Updated:

2022-06-01

Summary:

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-295

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-20230

Source: CCN
Type: Red Hat Bugzilla - Bug 1925226
(CVE-2021-20230) - CVE-2021-20230 stunnel: client certificate not correctly verified when redirect and verifyChain options are used

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1925226

Source: XF
Type: UNKNOWN
stunnel-cve202120230-info-disc(197302)

Source: CCN
Type: stunnel GIT Repository
stunnel-5.57

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9

Source: GENTOO
Type: Third Party Advisory
GLSA-202105-02

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-20230

Vulnerable Configuration:

Configuration 1:

cpe:/a:stunnel:stunnel:*:*:*:*:*:*:*:* (Version < 5.57)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8022	P	jaxen-1.1.6-150200.12.4.4 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:628	P	Security update for python-Flask-Security (Moderate) (in QA)	2022-09-27
oval:org.opensuse.security:def:3528	P	iputils-s20121221-2.17 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95158	P	stunnel-5.62-3.14.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:102234	P	Security update for swtpm (Low)	2022-04-21
oval:org.opensuse.security:def:99446	P	(Moderate)	2021-12-23
oval:org.opensuse.security:def:63378	P	stunnel-5.57-3.11.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101404	P	stunnel-5.57-3.11.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2289	P	stunnel-5.57-3.11.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:99645	P	(Important)	2021-06-10
oval:org.opensuse.security:def:99952	P	(Important)	2021-06-02
oval:org.opensuse.security:def:69456	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:9696	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:93047	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:70387	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:8941	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:98857	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:92496	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:69637	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:10070	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:96918	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:93200	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:91907	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:9316	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:99052	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:92695	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:69836	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:10247	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:8571	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:92102	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:9497	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:99247	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:92894	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:70210	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:8746	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:92297	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:111264	P	Security update for stunnel (Important)	2021-03-14
oval:org.opensuse.security:def:5973	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:102793	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:108900	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:67062	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:109459	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:118555	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:97284	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:95521	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:69111	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:76130	P	Security update for stunnel (Important)	2021-03-12
oval:org.opensuse.security:def:96103	P	Security update for stunnel (Important)	2021-03-12
oval:com.redhat.rhsa:def:20210618	P	RHSA-2021:0618: stunnel security update (Important)	2021-02-22

BACK