Vulnerability Details CVE-2020-7224
The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://docs.aviatrix.com/#security-bulletin
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html#article-avxsb-00001
- https://docs.aviatrix.com/#security-bulletin
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html
- https://docs.aviatrix.com/HowTos/security_bulletin_article.html#article-avxsb-00001
Products affected by CVE-2020-7224
-
cpe:2.3:a:aviatrix:openvpn:-
-
cpe:2.3:a:aviatrix:openvpn:1.0
-
cpe:2.3:a:aviatrix:openvpn:1.1
-
cpe:2.3:a:aviatrix:openvpn:1.10.16
-
cpe:2.3:a:aviatrix:openvpn:1.2
-
cpe:2.3:a:aviatrix:openvpn:1.3
-
cpe:2.3:a:aviatrix:openvpn:1.4
-
cpe:2.3:a:aviatrix:openvpn:1.5
-
cpe:2.3:a:aviatrix:openvpn:1.6
-
cpe:2.3:a:aviatrix:openvpn:1.7
-
cpe:2.3:a:aviatrix:openvpn:1.8
-
cpe:2.3:a:aviatrix:openvpn:1.9
-
cpe:2.3:a:aviatrix:openvpn:2.0.3
-
cpe:2.3:a:aviatrix:openvpn:2.1.3
-
cpe:2.3:a:aviatrix:openvpn:2.2.10
-
cpe:2.3:a:aviatrix:openvpn:2.3.10
-
cpe:2.3:a:aviatrix:openvpn:2.4.10
-
cpe:2.3:a:aviatrix:openvpn:2.5.7