Vulnerability Details CVE-2021-3547
OpenVPN 3 Core Library versions 3.6 and 3.6.1 allow a man-in-the-middle attacker to bypass certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.3%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
Products affected by CVE-2021-3547
- cpe:2.3:a:openvpn:openvpn:3.6
- cpe:2.3:a:openvpn:openvpn:3.6.1