PT-2017-6393 · Viprinet · Viprinet Multichannel Vpn Router 300

Tim Brown

Published

2017-01-20

Updated

2018-10-09

CVE-2014-9755

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Viprinet MultichannelVPN Router 300 version 2013070830/2013080900

Description The issue concerns the hardware VPN client's failure to validate the remote VPN endpoint identity through the checking of the endpoint's SSL key before initiating the exchange. This allows remote attackers to perform a replay attack.

Recommendations For version 2013070830/2013080900, consider disabling the hardware VPN client until a patch is available that properly validates the remote VPN endpoint identity. Restrict access to the VPN endpoint to minimize the risk of exploitation. Avoid initiating VPN exchanges with unverified endpoints until the issue is resolved.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-9755

Affected Products

Viprinet Multichannel Vpn Router 300

PT-2017-6393 · Viprinet · Viprinet Multichannel Vpn Router 300

CVE-2014-9755

Weakness Enumeration

Related Identifiers

Affected Products

References · 4