CVE-2020-15077

MEDIUM

OpenVPN Access Server <2.8.7 - Auth Bypass

Title source: llm

Description

OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://openvpn.net/vpn-server-resources/release-notes/

Vendor Advisory x_refsource_misc

https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/

Scores

CVSS v3 5.3

EPSS 0.0121

EPSS Percentile 64.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-305 CWE-287

Status published

Products (1)

openvpn/openvpn_access_server < 2.8.7

Published Jun 04, 2021

Tracked Since Feb 18, 2026