CVE-2021-20145

{"id": "CVE-2021-20145", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-12-09T16:15:08.123", "references": [{"url": "https://www.tenable.com/security/research/tra-2021-51", "tags": ["Exploit", "Vendor Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network."}, {"lang": "es", "value": "Los routers de Gryphon Tower contienen un archivo de configuraci\u00f3n openvpn no protegido que puede conceder a atacantes acceso a la red VPN dom\u00e9stica de Gryphon, que expone las interfaces LAN de los dispositivos de otros usuarios conectados al mismo servicio. Un atacante podr\u00eda aprovechar esto para realizar cambios en la configuraci\u00f3n o atacar los dispositivos de las v\u00edctimas como si estuvieran en una red adyacente"}], "lastModified": "2021-12-13T18:19:32.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0E6D9AA-BA55-417C-9AA7-12FDA077BB49", "versionEndIncluding": "04.0004.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gryphonconnect:gryphon_tower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "85AD2611-183D-4ACE-AF89-0E1B29CE1371"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}