Lucene search

K
cveRedhatCVE-2021-20230
HistoryFeb 23, 2021 - 5:15 p.m.

CVE-2021-20230

2021-02-2317:15:13
CWE-295
redhat
web.nvd.nist.gov
188
4
cve-2021-20230
stunnel
security flaw
unauthorized access
certificate validation
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

45.7%

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.

Affected configurations

Nvd
Vulners
Node
stunnelstunnelRange<5.57
VendorProductVersionCPE
stunnelstunnel*cpe:2.3:a:stunnel:stunnel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "stunnel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "stunnel 5.57"
      }
    ]
  }
]

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

45.7%