Lucene search

[email protected]CVE-2020-11810

HistoryApr 27, 2020 - 3:15 p.m.

CVE-2020-11810

2020-04-2715:15:00

CWE-362

[email protected]

web.nvd.nist.gov

161

cve

openvpn

2.4.x

2.4.9

data channel

packet injection

connection drop

ncp

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

4.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim’s peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim’s connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.

CPENameOperatorVersion
openvpn:openvpnopenvpnlt2.4.9
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0
fedoraproject:fedorafedoraproject fedoraeq30
fedoraproject:fedorafedoraproject fedoraeq32

CPE	Name	Operator	Version
openvpn:openvpn	openvpn	lt	2.4.9
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	9.0
debian:debian_linux	debian debian linux	eq	10.0
fedoraproject:fedora	fedoraproject fedora	eq	30
fedoraproject:fedora	fedoraproject fedora	eq	32