CVE-2020-7043

moderate-risk

Published 2020-02-27

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

Do I need to act?

0.47% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Openfortivpn

Fedora

Backports Sle

Leap

Affected Vendors

Fedoraproject Opensuse Openfortivpn Project

References (16)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html

Patch https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a6...

Patch https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5...

Issue Tracking https://github.com/adrienverge/openfortivpn/issues/536

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00011.html

Patch https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a6...

Patch https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5...

Issue Tracking https://github.com/adrienverge/openfortivpn/issues/536

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

/ 100

moderate-risk

Severity 31/34 · Critical

Exploitability 2/34 · Minimal

Exposure 13/34 · Low