CVE-2021-20145
Last modified
CVE-2021-20145 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Gryphon Tower routers contain an unprotected OpenVPN configuration file that can grant attackers access to the Gryphon homebound VPN network, which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack, victims' devices as though they were on an adjacent network. EPSS estimates a 1.24% chance of exploitation in the next 30 days.
Description
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gryphonconnect | Gryphon Tower Firmware | <= 04.0004.12 |
References
- https://www.tenable.com/security/research/tra-2021-51 (Exploit, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
