CVE-2020-12105

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenConnect versions prior to 8.08

Description The issue is related to the mishandling of negative return values from X509 check function calls, which could assist attackers in performing man-in-the-middle attacks. This vulnerability is associated with shortcomings in handling exceptional states in the OpenConnect VPN client's X509 check function. Exploitation of this issue may allow a remote attacker to access confidential data.

Recommendations For OpenConnect versions prior to 8.08, update to version 8.08 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update is applied.

Fix

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755

Related Identifiers

ALT-PU-2020-1908

ALT-PU-2024-17486

ALT-PU-2024-17686

BDU:2023-07616

CVE-2020-12105

MGASA-2020-0251

OPENSUSE-SU-2020:0694-1

OPENSUSE-SU-2020_0694-1

OPENSUSE-SU-2024:11114-1

SUSE-SU-2020:1264-1

SUSE-SU-2020:1337-1

SUSE-SU-2020_1337-1

SUSE-SU-2024:0317-1

Affected Products

Alt Linux

Astra Linux

Debian

Openconnect

Suse

CVE-2020-12105

Weakness Enumeration

Related Identifiers

Affected Products

References · 32