6.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:P/I:P/A:C
0.01 Low
EPSS
Percentile
83.1%
Michal Trojnara reports:
64-bit versions of stunnel with the following conditions:
* NTLM authentication enabled
* CONNECT protocol negotiation enabled
* Configured in SSL client mode
* An attacker that can either control the proxy server specified in
the “connect” option or execute MITM attacks on the TCP session
between stunnel and the proxy
Can be exploited for remote code execution. The code is executed
within the configured chroot directory, with privileges of the
configured user and group.