First published: Fri Jun 04 2021
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication, resulting in a denial of service.
Credit: security@openvpn.net
Affected Software | Affected Version | How to fix |
---|---|---|
OpenVPN Access Server | >=2.7.3, <=2.8.7 | |
The severity of CVE-2020-36382 is high, with a severity value of 7.5.
CVE-2020-36382 affects OpenVPN Access Server versions 2.7.3 to 2.8.7 by allowing remote attackers to trigger an assert during the user authentication phase.
Remote attackers can exploit CVE-2020-36382 by using incorrect authentication token data in an early phase of the user authentication process, resulting in a denial of service.
To fix CVE-2020-36382, it is recommended to update OpenVPN Access Server to version 2.8.8 or later, as provided by the vendor.
For additional information about CVE-2020-36382, refer to the [OpenVPN security advisory](https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/) and the [OpenVPN release notes](https://openvpn.net/vpn-server-resources/release-notes/).