MidnightBSD

Advisories for openfortivpn_project

CVE-2020-7041 MEDIUM

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
opensuse backports_sle 15.0
fedoraproject fedora 31
fedoraproject fedora 30
openfortivpn_project openfortivpn *
CVE-2020-7042 MEDIUM

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-908,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
opensuse backports_sle 15.0
fedoraproject fedora 31
fedoraproject fedora 30
openfortivpn_project openfortivpn *
CVE-2020-7043 MEDIUM

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
fedoraproject fedora 32
opensuse leap 15.1
opensuse backports_sle 15.0
fedoraproject fedora 31
fedoraproject fedora 30
openfortivpn_project openfortivpn *