Denial of Service Vulnerability in OpenVPN Access Server
CVE-2020-36382

7.5HIGH

Key Information:

Vendor: Openvpn
Status: Openvpn Access Server
Vendor: CVE Published:; 4 June 2021

Summary

OpenVPN Access Server versions 2.7.3 to 2.8.7 are susceptible to a denial of service attack, where remote attackers can exploit the user authentication process. By sending maliciously crafted authentication token data, an attacker can trigger an assertion failure during the early stages of user authentication, leading to service disruptions and potential downtime for affected systems.

Affected Version(s)

OpenVPN Access Server 2.7.3 to 2.8.7

References

https://openvpn.net/vpn-server-resources/release-notes/

x_refsource_MISC

https://openvpn.net/security-advisory/access-server-secur...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 4, 2021
Vulnerability Reserved
May 31, 2021