{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T02:37:41.685","vulnerabilities":[{"cve":{"id":"CVE-2021-20145","sourceIdentifier":"vulnreport@tenable.com","published":"2021-12-09T16:15:08.123","lastModified":"2024-11-21T05:46:00.553","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network."},{"lang":"es","value":"Los routers de Gryphon Tower contienen un archivo de configuración openvpn no protegido que puede conceder a atacantes acceso a la red VPN doméstica de Gryphon, que expone las interfaces LAN de los dispositivos de otros usuarios conectados al mismo servicio. Un atacante podría aprovechar esto para realizar cambios en la configuración o atacar los dispositivos de las víctimas como si estuvieran en una red adyacente"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"04.0004.12","matchCriteriaId":"F0E6D9AA-BA55-417C-9AA7-12FDA077BB49"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:gryphonconnect:gryphon_tower:-:*:*:*:*:*:*:*","matchCriteriaId":"85AD2611-183D-4ACE-AF89-0E1B29CE1371"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2021-51","source":"vulnreport@tenable.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2021-51","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}