Published | 2017-01-20 15:59:00 |
---|---|
Last Modified | 2017-01-20 20:06:23 |
AKA | CVE-2014-9755 |
Summary | The hardware VPN client in Viprinet MultichannelVPN Router 300 verison 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. |
CVSS Score | 5 |
CVSS Source | http://nvd.nist.gov |
Access Vector | Local | Adjacent | Network |
---|---|---|---|
Access Complexity | Low | Medium | High |
Authentication | None | Single | Multiple |
Confidentiality | None | Partial | Complete |
Integrity | None | Partial | Complete |
Availability | None | Partial | Complete |
Type | Content |
---|---|
Vendor Advisory | http://packetstormsecurity.com/files/135614/Viprinet-Multichannel-VPN-Router-300-Identity-Verification-Fail.html |
Vendor Advisory | 20160203 Security Advisories |