7.5
CVE-2020-15078
- EPSS 0.29%
- Published 26.04.2021 14:15:08
- Last modified 21.11.2024 05:04:45
- Source security@openvpn.net
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can potentially be used to trigger further information leaks.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version 32
Fedoraproject ≫ Fedora Version 33
Fedoraproject ≫ Fedora Version 34
Canonical ≫ Ubuntu Linux Version 18.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 20.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 20.10
Canonical ≫ Ubuntu Linux Version 21.04
Debian ≫ Debian Linux Version 9.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.29% | 0.522 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-305 Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.