CVE-2020-7043

CRITICAL

openfortivpn < 1.12.0 - Improper Certificate Validation via Hostname Comparison


Description

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack.

Scores

CVSS v3 9.1
EPSS 0.0240
EPSS Percentile 81.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-295
Status published
Products (6)
fedoraproject/fedora 30
fedoraproject/fedora 31
fedoraproject/fedora 32
openfortivpn_project/openfortivpn < 1.12.0
opensuse/backports_sle 15.0 sp1
opensuse/leap 15.1
Published Feb 27, 2020
Tracked Since Feb 18, 2026