| Published | 2017-01-20 15:59:00 |
|---|---|
| Last Modified | 2017-01-20 20:06:23 |
| AKA | CVE-2014-9755 |
| Summary | The hardware VPN client in Viprinet MultichannelVPN Router 300 verison 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. |
| CVSS Score | 5 |
| CVSS Source | http://nvd.nist.gov |
| Access Vector | Local | Adjacent | Network |
|---|---|---|---|
| Access Complexity | Low | Medium | High |
| Authentication | None | Single | Multiple |
| Confidentiality | None | Partial | Complete |
| Integrity | None | Partial | Complete |
| Availability | None | Partial | Complete |
| Type | Content |
|---|---|
| Vendor Advisory | http://packetstormsecurity.com/files/135614/Viprinet-Multichannel-VPN-Router-300-Identity-Verification-Fail.html |
| Vendor Advisory | 20160203 Security Advisories |
