Vulnerability Details CVE-2020-12105
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.0%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.html
- https://gitlab.com/openconnect/openconnect/-/merge_requests/96
- https://security.gentoo.org/glsa/202006-15
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.html
- https://gitlab.com/openconnect/openconnect/-/merge_requests/96
- https://security.gentoo.org/glsa/202006-15
Products affected by CVE-2020-12105
-
cpe:2.3:a:infradead:openconnect:1.00
-
cpe:2.3:a:infradead:openconnect:1.10
-
cpe:2.3:a:infradead:openconnect:1.20
-
cpe:2.3:a:infradead:openconnect:1.30
-
cpe:2.3:a:infradead:openconnect:1.40
-
cpe:2.3:a:infradead:openconnect:2.00
-
cpe:2.3:a:infradead:openconnect:2.01
-
cpe:2.3:a:infradead:openconnect:2.10
-
cpe:2.3:a:infradead:openconnect:2.11
-
cpe:2.3:a:infradead:openconnect:2.12
-
cpe:2.3:a:infradead:openconnect:2.20
-
cpe:2.3:a:infradead:openconnect:2.21
-
cpe:2.3:a:infradead:openconnect:2.22
-
cpe:2.3:a:infradead:openconnect:2.23
-
cpe:2.3:a:infradead:openconnect:2.24
-
cpe:2.3:a:infradead:openconnect:2.25
-
cpe:2.3:a:infradead:openconnect:2.26
-
cpe:2.3:a:infradead:openconnect:3.00
-
cpe:2.3:a:infradead:openconnect:3.01
-
cpe:2.3:a:infradead:openconnect:3.02
-
cpe:2.3:a:infradead:openconnect:3.11
-
cpe:2.3:a:infradead:openconnect:3.12
-
cpe:2.3:a:infradead:openconnect:3.13
-
cpe:2.3:a:infradead:openconnect:3.14
-
cpe:2.3:a:infradead:openconnect:3.15
-
cpe:2.3:a:infradead:openconnect:3.16
-
cpe:2.3:a:infradead:openconnect:3.17
-
cpe:2.3:a:infradead:openconnect:3.18
-
cpe:2.3:a:infradead:openconnect:3.19
-
cpe:2.3:a:infradead:openconnect:3.20
-
cpe:2.3:a:infradead:openconnect:3.99
-
cpe:2.3:a:infradead:openconnect:4.00
-
cpe:2.3:a:infradead:openconnect:4.01
-
cpe:2.3:a:infradead:openconnect:4.02
-
cpe:2.3:a:infradead:openconnect:4.03
-
cpe:2.3:a:infradead:openconnect:4.04
-
cpe:2.3:a:infradead:openconnect:4.05
-
cpe:2.3:a:infradead:openconnect:4.06
-
cpe:2.3:a:infradead:openconnect:4.07
-
cpe:2.3:a:infradead:openconnect:4.08
-
cpe:2.3:a:infradead:openconnect:4.99
-
cpe:2.3:a:infradead:openconnect:5.00
-
cpe:2.3:a:infradead:openconnect:5.01
-
cpe:2.3:a:infradead:openconnect:5.02
-
cpe:2.3:a:infradead:openconnect:5.03
-
cpe:2.3:a:infradead:openconnect:5.99
-
cpe:2.3:a:infradead:openconnect:6.00
-
cpe:2.3:a:infradead:openconnect:7.00
-
cpe:2.3:a:infradead:openconnect:7.01
-
cpe:2.3:a:infradead:openconnect:7.02
-
cpe:2.3:a:infradead:openconnect:7.03
-
cpe:2.3:a:infradead:openconnect:7.04
-
cpe:2.3:a:infradead:openconnect:7.05
-
cpe:2.3:a:infradead:openconnect:7.06
-
cpe:2.3:a:infradead:openconnect:7.07
-
cpe:2.3:a:infradead:openconnect:7.08
-
cpe:2.3:a:infradead:openconnect:8.00
-
cpe:2.3:a:infradead:openconnect:8.01
-
cpe:2.3:a:infradead:openconnect:8.02
-
cpe:2.3:a:infradead:openconnect:8.03
-
cpe:2.3:a:infradead:openconnect:8.04
-
cpe:2.3:a:infradead:openconnect:8.05
-
cpe:2.3:a:infradead:openconnect:8.06
-
cpe:2.3:a:infradead:openconnect:8.07
-
cpe:2.3:a:infradead:openconnect:8.08
-
cpe:2.3:o:opensuse:leap:15.1