CVE-2021-20145 Vulnerability Details

  /     /     /  

CVE-2021-20145 Metadata Quick Info

CVE Published: 09/12/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: tenable | Vendor: n/a | Product: Gryphon Tower router
Status : PUBLISHED

CVE-2021-20145 Description

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users\' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims\' devices as though they were on an adjacent network.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper Access Control
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2021-20145 Vulnerability Details