CVE-2014-9754

Name of the Vulnerable Software and Affected Versions Viprinet MultichannelVPN Router 300 version 2013070830/2013080900

Description The issue concerns the hardware VPN client's failure to validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange. This allows an attacker to perform a Man in the Middle attack.

Recommendations For version 2013070830/2013080900, consider disabling the hardware VPN client until a patch is available that properly validates the remote VPN endpoint identity. Restrict access to the VPN endpoint to minimize the risk of exploitation. Avoid initiating VPN exchanges with unverified endpoints until the issue is resolved.