CVE-2021-45810

Published: Mar 22, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/yuezk/GlobalProtect-openconnect/issues/114

https://github.com/yuezk/GlobalProtect-openconnect/issues/114#issuecomment-1914008203

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-45810

Description

Affected Products

References