CVE-2021-45810

GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/yuezk/GlobalProtect-openconnect/issues/114	Exploit Issue Tracking Mitigation Third Party Advisory
https://github.com/yuezk/GlobalProtect-openconnect/issues/114#issuecomment-1914008203

Configurations

Configuration 1 (hide)

cpe:2.3:a:globalprotect-openconnect_project:globalprotect-openconnect:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-22 11:15

Updated : 2024-03-05 22:15

NVD link : CVE-2021-45810

Mitre link : CVE-2021-45810

CVE.ORG link : CVE-2021-45810

JSON object : View

Products Affected

globalprotect-openconnect_project

globalprotect-openconnect

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-45810", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-03-22T11:15:07.807", "references": [{"url": "https://github.com/yuezk/GlobalProtect-openconnect/issues/114", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/yuezk/GlobalProtect-openconnect/issues/114#issuecomment-1914008203", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server."}, {"lang": "es", "value": "Varias versiones de GlobalProtect-openconnect est\u00e1n afectadas por un control de acceso incorrecto en GPService mediante DBUS, GUI. La forma en que est\u00e1 configurado GlobalProtect-Openconnect permite a usuarios arbitrarios iniciar una conexi\u00f3n VPN a servidores arbitrarios. Al alojar un servidor compatible con openconnect, el ataque puede redirigir todo el tr\u00e1fico del host por medio de su propio servidor"}], "lastModified": "2024-03-05T22:15:46.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:globalprotect-openconnect_project:globalprotect-openconnect:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02BFBAC5-CA6D-4739-A5E0-4003FD8EFC33"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}