Security Advisory

CVE-2021-45810

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-22 00:00:00

Last updated 2024-08-04 04:54:30

Assigner mitre

State PUBLISHED

Description

GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire hosts traffic via their own server.

← Browse all CVEs View on cve.org ↗