CVE-2021-3547 - Vulnerability Details - OpenCVE

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Key SSVC decision points have not yet been added.

Vendors	Products
Openvpn	Openvpn

Configuration 1 [-]

OR	cpe:2.3:a:openvpn:openvpn:3.6:::::::*
	cpe:2.3:a:openvpn:openvpn:3.6.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-26858	OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://community.openvpn.net/openvpn/wiki/CVE-2021-3547
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenVPN

Published: 2021-07-12T10:35:52

Updated: 2024-08-03T17:01:06.568Z

Reserved: 2021-05-11T00:00:00

Link: CVE-2021-3547

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-12T11:15:08.233

Modified: 2024-11-21T06:21:48.747

Link: CVE-2021-3547

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "OpenVPN 3 Core Library", "vendor": "n/a", "versions": [{"status": "affected", "version": "3.6 and 3.6.1"}]}], "descriptions": [{"lang": "en", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-12T10:35:52", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"tags": ["x_refsource_MISC"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@openvpn.net", "ID": "CVE-2021-3547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenVPN 3 Core Library", "version": {"version_data": [{"version_value": "3.6 and 3.6.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-305: Authentication Bypass by Primary Weakness"}]}]}, "references": {"reference_data": [{"name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements", "refsource": "MISC", "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"name": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547", "refsource": "MISC", "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:06.568Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}]}]}, "cveMetadata": {"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2021-3547", "datePublished": "2021-07-12T10:35:52", "dateReserved": "2021-05-11T00:00:00", "dateUpdated": "2024-08-03T17:01:06.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvpn:openvpn:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "2003E88A-EC3B-48F8-9E89-78CF2BBFFA4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvpn:openvpn:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEE05E9D-DFA1-4EEC-9530-3C5EBFA68F7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration."}, {"lang": "es", "value": "OpenVPN 3 Core Library versiones 3.6 y 3.6.1, permiten a un atacante tipo \"man-in-the-middle\" omitir la autenticaci\u00f3n de certificados al emitir un certificado de servidor no relacionado usando el mismo nombre de host encontrado en la opci\u00f3n verify-x509-name en la configuraci\u00f3n de un cliente"}], "id": "CVE-2021-3547", "lastModified": "2024-11-21T06:21:48.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-12T11:15:08.233", "references": [{"source": "security@openvpn.net", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}, {"source": "security@openvpn.net", "tags": ["Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"}], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "security@openvpn.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}