PT-2020-19476 · Aviatrix+1 · Aviatrix Openvpn Client+1

Published: 2020-04-16 · Updated: 2022-07-12 · CVE-2020-7224

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aviatrix OpenVPN client versions through 2.5.7

Description

The issue arises when OpenSSL parameters are altered from their issued value set, potentially allowing unauthorized third-party libraries to load. This could lead to unauthorized access.

Recommendations

For Aviatrix OpenVPN client versions through 2.5.7, ensure that OpenSSL parameters are not altered from their default settings to prevent potential exploitation. As a temporary workaround, consider restricting modifications to OpenSSL parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2020-7224

Affected Products

Aviatrix OpenVPN Client
OpenSSL