CVE-2020-15078
Description
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.333
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-15078 are affected in OpenVPN 2.5.1 | Windows |
| SUSE-SU-2021:1576-1(SUSE Linux Enterprise Server 12-SP5 ) openvpn-2.3.8-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1576-1(SUSE Linux Enterprise Server 12-SP5 ) openvpn-auth-pam-plugin-2.3.8-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1576-1(SUSE Linux Enterprise Server 12-SP5 ) openvpn-auth-pam-plugin-debuginfo-2.3.8-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1576-1(SUSE Linux Enterprise Server 12-SP5 ) openvpn-debuginfo-2.3.8-16.26.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1576-1(SUSE Linux Enterprise Server 12-SP5 ) openvpn-debugsource-2.3.8-16.26.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234