CVE-2020-7224

9.8CRITICAL

Key Information:

Vendor: Aviatrix
Status: Openvpn
Vendor: CVE Published:; 16 April 2020

Summary

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.

References

https://docs.aviatrix.com/HowTos/security_bulletin_articl...

x_refsource_MISC

https://docs.aviatrix.com/#security-bulletin

x_refsource_MISC

https://docs.aviatrix.com/HowTos/security_bulletin_articl...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2020
Vulnerability Reserved
Jan 18, 2020