{"api_version":"1","generated_at":"2026-04-23T02:34:00+00:00","cve":"CVE-2020-36382","urls":{"html":"https://cve.report/CVE-2020-36382","api":"https://cve.report/api/cve/CVE-2020-36382.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-36382","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-36382"},"summary":{"title":"CVE-2020-36382","description":"OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.","state":"PUBLIC","assigner":"security@openvpn.net","published_at":"2021-06-04 11:15:00","updated_at":"2022-09-20 19:28:00"},"problem_types":["CWE-617"],"metrics":[],"references":[{"url":"https://openvpn.net/vpn-server-resources/release-notes/","name":"https://openvpn.net/vpn-server-resources/release-notes/","refsource":"MISC","tags":[],"title":"Access Server Release Notes | OpenVPN","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/","name":"https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/","refsource":"MISC","tags":[],"title":"Access Server Security Update (CVE-2020-15077, CVE-2020-36382) | OpenVPN","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-36382","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36382","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"36382","vulnerable":"1","versionEndIncluding":"2.8.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openvpn","cpe5":"openvpn_access_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-36382","qid":"375867","title":"Open Virtual Private Network (OpenVPN) Access Server Multiple Security Vulnerabilities"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-36382","ASSIGNER":"security@openvpn.net","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"OpenVPN Access Server","version":{"version_data":[{"version_value":"2.7.3 to 2.8.7"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://openvpn.net/vpn-server-resources/release-notes/","url":"https://openvpn.net/vpn-server-resources/release-notes/"},{"refsource":"MISC","name":"https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/","url":"https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/"}]},"description":{"description_data":[{"lang":"eng","value":"OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service."}]}},"nvd":{"publishedDate":"2021-06-04 11:15:00","lastModifiedDate":"2022-09-20 19:28:00","problem_types":["CWE-617"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.7.3","versionEndIncluding":"2.8.7","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"36382","Ordinal":"209220","Title":"CVE-2020-36382","CVE":"CVE-2020-36382","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"36382","Ordinal":"1","NoteData":"OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"36382","Ordinal":"2","NoteData":"2021-06-04","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"36382","Ordinal":"3","NoteData":"2021-06-04","Type":"Other","Title":"Modified"}]}}}