We found results for “”
CVE-2018-20319
Good to know:
Date: July 21, 2020
Openconnect before 8.00 is vulnerable to passwords found in memory. Clear full buffer in buf_truncate() and buf_free(), This reduces the chances of passwords and other secrets lying around in memory when we're done. Arguably if anyone can just read memory of the VPN client while it's running, the game is already lost
Language: C
Severity Score
Related Resources (4)
Severity Score
Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |