CVE-2020-36382
HIGHOpenVPN Access Server 2.7.3-2.8.7 - Denial of Service via Incorrect Authentication Token Data
Title source: llmDescription
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://openvpn.net/vpn-server-resources/release-notes/
Vendor Advisory x_refsource_misc
https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/
Scores
CVSS v3
7.5
EPSS
0.0189
EPSS Percentile
76.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-754
CWE-617
Status
published
Products (1)
openvpn/openvpn_access_server
2.7.3 - 2.8.7
Published
Jun 04, 2021
Tracked Since
Feb 18, 2026