OpenVPN Unauthenticated Access To Control Channel Data (CVE-2020-15078)
A bug found in OpenVPN that may also apply to Watchguard Mobile VPN could allow a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication which can be used to potentially trigger further information leaks. Based off the limited vulnerability details we believe this vulnerability may impact Fireware OS releases after 12.5.3 and have updated the version of OpenSSL included in Fireware OS 12.8.1 out of an abundance of caution.
Fireware OS before 12.8.1 and 12.5.3 up to and including 12.5.10.
Note: Firebox Fireware OS 12.1.x and before is not vulnerable
Resolved in Fireware OS 12.8.1 release