CVE-2021-3547 — HIGH (7.4) — White Hats Nepal

Vulnerability Description

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Openvpn	Openvpn	3.6

Related Weaknesses (CWE)

CWE-305 CWE-295

References

https://community.openvpn.net/openvpn/wiki/CVE-2021-3547PatchVendor Advisory
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncementsVendor Advisory
https://community.openvpn.net/openvpn/wiki/CVE-2021-3547PatchVendor Advisory
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncementsVendor Advisory

FAQ

What is CVE-2021-3547?

CVE-2021-3547 is a vulnerability with a CVSS score of 7.4 (HIGH). OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in th...

How severe is CVE-2021-3547?

CVE-2021-3547 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3547?

Check the references section above for vendor advisories and patch information. Affected products include: Openvpn Openvpn.