CVE-2020-7043

CVE Database · CVE-2020-7043

CVE-2020-7043

· CRITICALModified

CVSS v3.1

9.1

EPSS

2.40%

Published

Feb 27, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-295

Affected Products (7)

openfortivpn_project · openfortivpn (up to 1.12.0)vulnerable

openssl · openssl (up to 1.0.2)

fedoraproject · fedoravulnerable

opensuse · backports_slevulnerable

opensuse · leapvulnerable

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00009.html