OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
References
Link | Resource |
---|---|
https://community.openvpn.net/openvpn/wiki/CVE-2021-3547 | Patch Vendor Advisory |
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Oct 2022, 12:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-295 |
15 Jul 2021, 18:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openvpn:openvpn:3.6.1:*:*:*:*:*:*:* cpe:2.3:a:openvpn:openvpn:3.6:*:*:*:*:*:*:* |
|
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 7.4 |
References | (MISC) https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements - Vendor Advisory | |
References | (MISC) https://community.openvpn.net/openvpn/wiki/CVE-2021-3547 - Patch, Vendor Advisory |
12 Jul 2021, 11:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-12 11:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-3547
Mitre link : CVE-2021-3547
CVE.ORG link : CVE-2021-3547
JSON object : View
Products Affected
openvpn
- openvpn