Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2021-51 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: tenable
Published: 2021-12-09T15:19:24
Updated: 2021-12-09T15:19:24
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20145
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-09T16:15:08.123
Modified: 2021-12-13T18:19:32.177
Link: CVE-2021-20145
JSON object: View
Redhat Information
No data.
CWE