CVE-2010-3901 — Improper Input Validation in Openconnect

CWE-20 — Improper Input Validation9 documents7 sources

Severity

6.4MEDIUMNVD

EPSS

0.2%

top 56.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Infradead Openconnect

Timeline

PublishedOct 14

Latest updateMay 17

Description

OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶Debianinfradead/openconnect< 2.25-0.1+3

▶NVDinfradead/openconnect2.22+4

🔴Vulnerability Details

GHSA

GHSA-92px-2chv-hqhf: OpenConnect before 2↗2022-05-17

▶

OSV

CVE-2010-3901: OpenConnect before 2↗2010-10-14

▶

CVEList

CVE-2010-3901: OpenConnect before 2↗2010-10-12

▶

💥Exploits & PoCs

Exploit-DB

Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064) (Metasploit)↗2010-10-05

▶

📋Vendor Advisories

Debian

CVE-2010-3901: openconnect - OpenConnect before 2.25 does not properly validate X.509 certificates, which all...↗2010

▶

💬Community

Bugzilla

CVE-2010-3902 OpenConnect: webvpn cookie content disclosure via debugging output↗2010-10-15

▶

Bugzilla

CVE-2010-3901 OpenConnect: Always validate server certificate, check server hostname against its certificate↗2010-08-01

▶

Bugzilla

OpenConnect: Always validate server certificate, check server hostname against its certificate [fedora-all]↗2010-08-01

▶