This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Openfortivpn Project
First view: 2020-02-27
Product: Openfortivpn
Last view: 2020-02-27
Version:
Type: Application
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:openfortivpn_project:openfortivpn:1.11.0:*:*:*:*:*:*:* | 3 |
| cpe:2.3:a:openfortivpn_project:openfortivpn:*:*:*:*:*:*:*:* | 3 |

Related : CVE

|  | Date | Alert | Description |
|---|---|---|---|
| 9.1 | 2020-02-27 | CVE-2020-7043 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. |
| 5.3 | 2020-02-27 | CVE-2020-7042 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). |
| 5.3 | 2020-02-27 | CVE-2020-7041 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. |

CWE : Common Weakness Enumeration

| % | id | Name |
|---|---|---|
| 100% (3) | CWE-295 | Certificate Issues |