CVE-2020-15077Authentication Bypass by Primary Weakness in Access Server

CWE-305Authentication Bypass by Primary WeaknessCWE-287Improper Authentication2 documents2 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 73.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openvpn Access Server
Timeline
PublishedJun 4
Latest updateMay 24

Description

OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

CVEListV5openvpn/openvpn_access_server2.8.7 and earlier versions

🔴Vulnerability Details

1
GHSA
GHSA-2fc6-fh8m-r4wf: OpenVPN Access Server 22022-05-24
CVE-2020-15077 — Openvpn Access Server vulnerability | cvebase