CVE-2021-45810 : What You Need to Know
Learn about CVE-2021-45810 affecting GlobalProtect-openconnect, allowing arbitrary user VPN connections and traffic redirection. Find mitigation steps and updates here.
Multiple versions of GlobalProtect-openconnect are affected by incorrect access control, allowing arbitrary users to redirect traffic.
Understanding CVE-2021-45810
What is CVE-2021-45810?
Multiple versions of GlobalProtect-openconnect suffer from an incorrect access control issue that enables arbitrary users to establish VPN connections to any servers, potentially redirecting traffic.
The Impact of CVE-2021-45810
The vulnerability permits attackers to redirect a host's entire traffic by exploiting the setup of GlobalProtect-openconnect.
Technical Details of CVE-2021-45810
Vulnerability Description
The flaw arises from incorrect access control in GPService through DBUS and GUI, allowing arbitrary VPN connections.
Affected Systems and Versions
- Product: GlobalProtect-openconnect
- Vendor: n/a
- Versions: All versions
Exploitation Mechanism
Attackers can exploit this vulnerability by hosting an openconnect compatible server and redirecting traffic to their server.
Mitigation and Prevention
Immediate Steps to Take
- Disable or restrict access to DBUS and GUI services to unauthorized users.
- Monitor network traffic for any suspicious VPN connections.
Long-Term Security Practices
- Regularly review and update access control policies.
- Conduct security training for employees regarding VPN security best practices.
Patching and Updates
- Apply security patches provided by the vendor to fix the access control issue.