Vulnerabilities > CVE-2021-45810 - Unspecified vulnerability in Globalprotect-Openconnect Project Globalprotect-Openconnect
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |