CVE-2021-20145

Published: Dec 9, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network.

Affected (1)

Products: Gryphonconnect: Gryphon Tower Firmware

1 product

Gryphon Tower Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gryphonconnect Gryphon Tower Firmware	Up to 04.0004.12

Running on/with	Platform Versions
Gryphonconnect Gryphon Tower	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.tenable.com/security/research/tra-2021-51

Source: vulnreport@tenable.com

ExploitVendor Advisory

https://www.tenable.com/security/research/tra-2021-51

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.