cbcvebase.
CVE-2020-15077
published 2021-06-04

CVE-2020-15077: OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with…

PriorityP336medium5.3CVSS 3.1
AVNACHPRLUINSUCHINAN
EPSS
1.21%
64.8th percentile
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Affected

2 ranges
VendorProductVersion rangeFixed in
openvpnopenvpn_access_server<= 2.8.7
openvpnopenvpn_access_server

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.