CVE-2021-3547 - OpenCVE

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openvpn	Openvpn

Configuration 1 [-]

OR	cpe:2.3:a:openvpn:openvpn:3.6:::::::*
	cpe:2.3:a:openvpn:openvpn:3.6.1:::::::*

No data.

References

Link	Providers
https://community.openvpn.net/openvpn/wiki/CVE-2021-3547
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenVPN

Published: 2021-07-12T10:35:52

Updated: 2024-08-03T17:01:06.568Z

Reserved: 2021-05-11T00:00:00

Link: CVE-2021-3547

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-12T11:15:08.233

Modified: 2022-10-27T12:22:43.533

Link: CVE-2021-3547

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "OpenVPN 3 Core Library", "vendor": "n/a", "versions": [{"status": "affected", "version": "3.6 and 3.6.1"}]}], "descriptions": [{"lang": "en", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-12T10:35:52", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"tags": ["x_refsource_MISC"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@openvpn.net", "ID": "CVE-2021-3547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenVPN 3 Core Library", "version": {"version_data": [{"version_value": "3.6 and 3.6.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-305: Authentication Bypass by Primary Weakness"}]}]}, "references": {"reference_data": [{"name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements", "refsource": "MISC", "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"name": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547", "refsource": "MISC", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:06.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}]}]}, "cveMetadata": {"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2021-3547", "datePublished": "2021-07-12T10:35:52", "dateReserved": "2021-05-11T00:00:00", "dateUpdated": "2024-08-03T17:01:06.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvpn:openvpn:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "2003E88A-EC3B-48F8-9E89-78CF2BBFFA4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvpn:openvpn:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEE05E9D-DFA1-4EEC-9530-3C5EBFA68F7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}, {"lang": "es", "value": "OpenVPN 3 Core Library versiones 3.6 y 3.6.1, permiten a un atacante tipo \"man-in-the-middle\" omitir la autenticaci\u00f3n de certificados al emitir un certificado de servidor no relacionado usando el mismo nombre de host encontrado en la opci\u00f3n verify-x509-name en la configuraci\u00f3n de un cliente"}], "id": "CVE-2021-3547", "lastModified": "2022-10-27T12:22:43.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-12T11:15:08.233", "references": [{"source": "security@openvpn.net", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}, {"source": "security@openvpn.net", "tags": ["Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-305"}], "source": "security@openvpn.net", "type": "Secondary"}]}