Vulnerability Description
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gryphonconnect | Gryphon Tower Firmware | <= 04.0004.12 |
| Gryphonconnect | Gryphon Tower | - |
Related Weaknesses (CWE)
References
- https://www.tenable.com/security/research/tra-2021-51ExploitVendor Advisory
- https://www.tenable.com/security/research/tra-2021-51ExploitVendor Advisory
FAQ
What is CVE-2021-20145?
CVE-2021-20145 is a vulnerability with a CVSS score of 7.5 (HIGH). Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices c...
How severe is CVE-2021-20145?
CVE-2021-20145 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20145?
Check the references section above for vendor advisories and patch information. Affected products include: Gryphonconnect Gryphon Tower Firmware, Gryphonconnect Gryphon Tower.