CVE-2020-7041 — Improper Certificate Validation in Project Openfortivpn

CWE-295 — Improper Certificate Validation8 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.8%

top 25.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openfortivpn Project Openfortivpn Fedoraproject Fedora Opensuse Backports SLE +1 more

Timeline

PublishedFeb 27

Latest updateMay 24

Description

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDopenfortivpn_project/openfortivpn< 1.12.0

▶Debianopenfortivpn_project/openfortivpn< 1.12.0-1+3

▶NVDopensuse/leap15.1

▶NVDopensuse/backports_sle15.0

Also affects: Fedora 30, 31, 32

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-gj3x-586x-w7gm: An issue was discovered in openfortivpn 1↗2022-05-24

▶

OSV

CVE-2020-7041: An issue was discovered in openfortivpn 1↗2020-02-27

▶

CVEList

CVE-2020-7041: An issue was discovered in openfortivpn 1↗2020-02-27

▶

📋Vendor Advisories

Debian

CVE-2020-7041: openfortivpn - An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or l...↗2020

▶

🕵️Threat Intelligence

Unit42

Personal VPN and Its Evasions: Risk Factors and How to Maintain Network Visibility↗2021-08-17

▶

Unit42

Personal VPN and Its Evasions: Risk Factors and How to Maintain Network Visibility↗2021-08-17

▶

💬Community

Bugzilla

CVE-2020-7041 openfortivpn: mishandling of certificate validation due to X509_check_host negative error code↗2020-05-05

▶