CVE-2020-36382Improper Check for Unusual or Exceptional Conditions in Access Server

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-617Reachable Assertion2 documents2 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 18.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openvpn Access Server
Timeline
PublishedJun 4
Latest updateMay 24

Description

OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDopenvpn/openvpn_access_server2.7.32.8.7
CVEListV5openvpn/openvpn_access_server2.7.3 to 2.8.7

🔴Vulnerability Details

1
GHSA
GHSA-j34c-6692-hx97: OpenVPN Access Server 22022-05-24
CVE-2020-36382 — Openvpn Access Server vulnerability | cvebase