CVE-2020-36382
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
OpenVPN Access Server versiones 2.7.3 a 2.8.7, permite a atacantes remotos desencadenar una aserción durante la fase de autenticación del usuario por medio de datos de token de autenticación incorrectos en una fase temprana de la autenticación del usuario, resultando en una denegación de servicio
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-05-31 CVE Reserved
- 2021-06-04 CVE Published
- 2024-02-18 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
- CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openvpn Search vendor "Openvpn" | Openvpn Access Server Search vendor "Openvpn" for product "Openvpn Access Server" | >= 2.7.3 <= 2.8.7 Search vendor "Openvpn" for product "Openvpn Access Server" and version " >= 2.7.3 <= 2.8.7" | - |
Affected
| ||||||