Vulnerability Details: CVE-2020-11810
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.
Products affected by CVE-2020-11810
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-11810
- Probability of exploitation activity in the next 30 days: 0.50%
- Percentile (the proportion of vulnerabilities that are scored at or less): ~77%
CVSS scores for CVE-2020-11810
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.2 | 1.4 | NIST | |
CWE ids for CVE-2020-11810
- The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-11810
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JII7RYYYRBPQNEGGVSOXCM7JUZ43T3VH/
  [SECURITY] Fedora 30 Update: openvpn-2.4.9-1.fc30 - package-announce - Fedora Mailing-Lists (Mailing List; Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGHHV4YZANZW45KZTJJGVGPFMSXYRCKZ/
  [SECURITY] Fedora 32 Update: openvpn-2.4.9-1.fc32 - package-announce - Fedora Mailing-Lists (Mailing List; Patch; Third Party Advisory)
- https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab
  Fix illegal client float (CVE-2020-11810) · OpenVPN/openvpn@37bc691 · GitHub (Patch; Third Party Advisory)
- https://patchwork.openvpn.net/patch/1079/
  [Openvpn-devel,v2] Fix illegal client float - Patchwork (Patch; Vendor Advisory)
- https://security-tracker.debian.org/tracker/CVE-2020-11810
  CVE-2020-11810 (Third Party Advisory)
- https://bugzilla.suse.com/show_bug.cgi?id=1169925
  Bug 1169925 – VUL-1: CVE-2020-11810: openvpn: race condition between allocating peer-id and initializing data channel key (Issue Tracking; Third Party Advisory)
- https://community.openvpn.net/openvpn/ticket/1272
  (Exploit; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html
  [SECURITY] [DLA 2992-1] openvpn security update (Mailing List; Third Party Advisory)