CVE-2020-7042
PUBLISHED
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
EPSS 0.62% · 70.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | openfortivpn | 1.6.0-1, 1.6.0-1build1, 0 |
Exploit Intelligence
- https://github.com/adrienverge/openfortivpn/issues/536 (circl)
- https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 (circl)
- openSUSE-SU-2020:0301 (circl)
- openSUSE-SU-2020:0305 (circl)
- FEDORA-2020-42eb8821db (circl)
- FEDORA-2020-c96ab3c813 (circl)
- FEDORA-2020-dcdffcc368 (circl)
- https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 (circl)
Timeline
- Feb 27, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-7042 third-party-advisory
- https://github.com/adrienverge/openfortivpn/issues/536 third-party-advisory
- https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 third-party-advisory
- https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-7042 third-party-advisory