cbcvebase.
CVE-2020-36382
published 2021-06-04

CVE-2020-36382: OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data…

PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.89%
77.0th percentile
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.

Affected

2 ranges
VendorProductVersion rangeFixed in
openvpnopenvpn_access_server
openvpnopenvpn_access_server2.7.3 – 2.8.7

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.