Severity Rating: MEDIUM
Software Affected
Open Connect VPN Client: 3.99, 4.00, 4.01, 4.02, 4.03, 4.04, 4.05, 4.06,
4.07, 4.08, 4.99, 5.00, 5.01, 5.02, 5.03, 5.99, 6.00, 7.00, 7.01, 7.02,
7.03, 7.04, 7.05, 7.06, 7.07, 7.08, 8.00, 8.01, 8.02, 8.03, 8.04, 8.05,
8.06, 8.07, 8.08, 8.09
Overview
A vulnerability has been reported in Open Connect VPN Client which could
allow an attacker to execute arbitrary code on the targeted system.
Description
This vulnerability exists in Open Connect VPN Client due to a boundary
error within the get_cert_name() function in the gnutls.c file. A remote
attacker could exploit this vulnerability by tricking the victim into
connecting to a malicious VPN server, thereby triggering a buffer overflow
and crashing the client or executing arbitrary code on the targeted system.
Successful exploitation of this vulnerability may result in complete
compromise of the vulnerable system.
Solution
Apply appropriate patches as mentioned in Open Connect VPN Client Bulletin:
References
Cyber Security Help
Debian
CVE Name
CVE-2020-12823