1. CVE-Search
  2. CVE-2020-12105
ID CVE-2020-12105
Summary OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
References
Vulnerable Configurations
  • cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:1.40:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:1.40:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.00:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.00:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.10:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.11:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.12:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.20:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.21:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.22:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.23:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.24:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.25:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:2.26:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.00:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.00:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.01:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.01:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.02:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.02:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.13:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.14:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.15:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.16:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.17:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.18:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.19:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.20:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:3.99:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:3.99:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.00:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.00:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.01:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.02:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.02:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.03:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.03:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.04:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.04:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.05:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.05:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.06:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.06:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.07:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.07:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.08:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.08:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:4.99:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:4.99:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:5.00:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:5.00:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:5.02:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:5.02:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:5.03:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:5.03:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:5.99:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:5.99:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:6.00:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:6.00:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.00:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.00:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.01:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.01:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.02:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.02:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.03:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.03:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.04:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.04:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.05:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.05:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.06:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.06:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.07:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.07:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:7.08:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:7.08:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.00:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.00:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.01:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.01:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.02:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.02:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.03:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.03:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.04:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.04:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.05:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.05:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.06:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.06:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.07:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.07:*:*:*:*:*:*:*
  • cpe:2.3:a:infradead:openconnect:8.08:*:*:*:*:*:*:*
    cpe:2.3:a:infradead:openconnect:8.08:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-05-2022 - 14:21)
Impact:
Exploitability:
CWE CWE-755
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
gentoo GLSA-202006-15
misc https://gitlab.com/openconnect/openconnect/-/merge_requests/96
suse openSUSE-SU-2020:0694
Last major update 03-05-2022 - 14:21
Published 23-04-2020 - 17:15
Last modified 03-05-2022 - 14:21
Back to Top