CVE-2021-3547 - OpenCVE

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Openvpn	Openvpn

Configuration 1 [-]

OR	cpe:2.3:a:openvpn:openvpn:3.6:::::::*
	cpe:2.3:a:openvpn:openvpn:3.6.1:::::::*

References

Link	Resource
https://community.openvpn.net/openvpn/wiki/CVE-2021-3547	Patch Vendor Advisory
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OpenVPN

Published: 2021-07-12T10:35:52

Updated: 2021-07-12T10:35:52

Reserved: 2021-05-11T00:00:00

Link: CVE-2021-3547

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-07-12T11:15:08.233

Modified: 2022-10-27T12:22:43.533

Link: CVE-2021-3547

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "OpenVPN 3 Core Library", "vendor": "n/a", "versions": [{"status": "affected", "version": "3.6 and 3.6.1"}]}], "descriptions": [{"lang": "en", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-12T10:35:52", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"tags": ["x_refsource_MISC"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@openvpn.net", "ID": "CVE-2021-3547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenVPN 3 Core Library", "version": {"version_data": [{"version_value": "3.6 and 3.6.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-305: Authentication Bypass by Primary Weakness"}]}]}, "references": {"reference_data": [{"name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements", "refsource": "MISC", "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"name": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547", "refsource": "MISC", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}]}}}}, "cveMetadata": {"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2021-3547", "datePublished": "2021-07-12T10:35:52", "dateReserved": "2021-05-11T00:00:00", "dateUpdated": "2021-07-12T10:35:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvpn:openvpn:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "2003E88A-EC3B-48F8-9E89-78CF2BBFFA4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvpn:openvpn:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEE05E9D-DFA1-4EEC-9530-3C5EBFA68F7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}, {"lang": "es", "value": "OpenVPN 3 Core Library versiones 3.6 y 3.6.1, permiten a un atacante tipo \"man-in-the-middle\" omitir la autenticaci\u00f3n de certificados al emitir un certificado de servidor no relacionado usando el mismo nombre de host encontrado en la opci\u00f3n verify-x509-name en la configuraci\u00f3n de un cliente"}], "id": "CVE-2021-3547", "lastModified": "2022-10-27T12:22:43.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-12T11:15:08.233", "references": [{"source": "security@openvpn.net", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}, {"source": "security@openvpn.net", "tags": ["Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-305"}], "source": "security@openvpn.net", "type": "Secondary"}]}