vulnerability

FreeBSD: VID-8604121C-7FC2-11EA-BCAC-7781E90B0C8F (CVE-2020-11810): openvpn -- illegal client float can break VPN session for other users

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	2020-04-13	2020-04-17	2020-10-20

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

2020-04-13

Added

2020-04-17

Modified

2020-10-20

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-8604121C-7FC2-11EA-BCAC-7781E90B0C8F:

Lev Stipakov and Gert Doering report:

There is a time frame between allocating peer-id and initializing data

channel key (which is performed on receiving push request or on async

push-reply) in which the existing peer-id float checks do not work right.

If a "rogue" data channel packet arrives during that time frame from

another address and with same peer-id, this would cause client to float

to that new address.

The net effect of this behaviour is that the VPN session for the

"victim client" is broken. Since the "attacker client" does not have

suitable keys, it can not inject or steal VPN traffic from the other

session. The time window is small and it can not be used to attack

a specific client's session, unless some other way is found to make it

disconnect and reconnect first.

Solution(s)

freebsd-upgrade-package-openvpnfreebsd-upgrade-package-openvpn-develfreebsd-upgrade-package-openvpn-mbedtls

References

NVD-CVE-2020-11810

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today