Vulnerability Description
The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aviatrix | Openvpn | <= 2.5.7 |
References
- https://docs.aviatrix.com/#security-bulletin (Vendor Advisory)
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html (Vendor Advisory)
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html#article-avxsb-00 (Vendor Advisory)
FAQ
What is CVE-2020-7224?
CVE-2020-7224 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party ...
How severe is CVE-2020-7224?
CVE-2020-7224 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-7224?
Check the references section above for vendor advisories and patch information. Affected products include: Aviatrix Openvpn.