CVE-2020-11810

CVE-2020-11810

Name

CVE-2020-11810

Description

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://community.openvpn.net/openvpn/ticket/1272
Third Party Advisory	https://security-tracker.debian.org/tracker/CVE-2020-11810
Patch	https://patchwork.openvpn.net/patch/1079/
Issue Tracking	https://bugzilla.suse.com/show_bug.cgi?id=1169925
Patch	https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGHHV4YZANZW45KZTJJGVGPFMSXYRCKZ/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JII7RYYYRBPQNEGGVSOXCM7JUZ43T3VH/
Mailing List	https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html

Type

URI

Exploit

https://community.openvpn.net/openvpn/ticket/1272

Third Party Advisory

https://security-tracker.debian.org/tracker/CVE-2020-11810

Patch

https://patchwork.openvpn.net/patch/1079/

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=1169925

Patch

https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab