CVE-2020-11810

Published: Apr 27, 2020Modified: Nov 21, 2024

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.

Affected (6)

Products: Openvpn: Openvpn · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openvpn Openvpn	From 2.4.0 to 2.4.9

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 32

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (16)

https://bugzilla.suse.com/show_bug.cgi?id=1169925

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://community.openvpn.net/openvpn/ticket/1272

Source: cve@mitre.org

ExploitVendor Advisory

https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGHHV4YZANZW45KZTJJGVGPFMSXYRCKZ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JII7RYYYRBPQNEGGVSOXCM7JUZ43T3VH/

Source: cve@mitre.org

https://patchwork.openvpn.net/patch/1079/

Source: cve@mitre.org

PatchVendor Advisory

https://security-tracker.debian.org/tracker/CVE-2020-11810

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1169925

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://community.openvpn.net/openvpn/ticket/1272

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGHHV4YZANZW45KZTJJGVGPFMSXYRCKZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JII7RYYYRBPQNEGGVSOXCM7JUZ43T3VH/

Source: af854a3a-2127-422b-91ae-364da2661108

https://patchwork.openvpn.net/patch/1079/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security-tracker.debian.org/tracker/CVE-2020-11810

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.