VYPR
Unrated severityNVD Advisory· Published Oct 14, 2010· Updated Jun 16, 2026

CVE-2010-3901

CVE-2010-3901

Description

OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*range: <=2.22
    • cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*
    • cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:*
  • Range: <2.25

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.