CVE-2020-7042 (CVSS base score 5.3)
- EPSS 0.84%
- Published 27.02.2020 18:15:11
- Last modified 21.11.2024 05:36:32
- Source cve@mitre.org
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
Data provided by the National Vulnerability Database (NVD)

Affected products:
- Openfortivpn Project ≫ Openfortivpn Version < 1.12.0
- Fedoraproject ≫ Fedora Version 30
- Fedoraproject ≫ Fedora Version 31
- Fedoraproject ≫ Fedora Version 32
- Opensuse ≫ Backports Sle Version 15.0 Updatesp1
No CISA KEV entry or CERT.AT advisory was found for this CVE.

Type | Source | Score | Percentile
---|---|---|---
EPSS | FIRST.org | 0.84% | 0.741
Source | Base Score | Exploit Score | Impact Score | Vector String
---|---|---|---|---
nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N
- CWE-295 Improper Certificate Validation: The product does not validate, or incorrectly validates, a certificate.
- CWE-908 Use of Uninitialized Resource: The product uses or accesses a resource that has not been initialized.