All the vulnerabilities related to openvpn - openvpn_access_server
cve-2006-1629
Vulnerability from cvelistv5
Published
2006-04-06 22:00
Modified
2024-08-07 17:19
Severity ?
EPSS score ?
Summary
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:48.809Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openvpn-ldpreload-code-execution(25667)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25667" }, { "name": "MDKSA-2006:069", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:069" }, { "name": "ADV-2006-1261", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1261" }, { "name": "17392", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17392" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.osreviews.net/reviews/security/openvpn-print" }, { "name": "19531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19531" }, { "name": "DSA-1045", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1045" }, { "name": "19598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19598" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=10093825\u0026forum_id=8482" }, { "name": "19837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19837" }, { "name": "24444", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24444" }, { "name": "19897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/19897" }, { "name": "SUSE-SR:2006:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openvpn-ldpreload-code-execution(25667)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25667" }, { "name": "MDKSA-2006:069", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:069" }, { "name": "ADV-2006-1261", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1261" }, { "name": "17392", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17392" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/changelog.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.osreviews.net/reviews/security/openvpn-print" }, { "name": "19531", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19531" }, { "name": "DSA-1045", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1045" }, { "name": "19598", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/19598" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=10093825\u0026forum_id=8482" }, { "name": "19837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19837" }, { "name": "24444", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24444" }, { "name": "19897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19897" }, { "name": "SUSE-SR:2006:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openvpn-ldpreload-code-execution(25667)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25667" }, { "name": "MDKSA-2006:069", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:069" }, { "name": "ADV-2006-1261", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1261" }, { "name": "17392", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17392" }, { "name": "http://openvpn.net/changelog.html", "refsource": "CONFIRM", "url": "http://openvpn.net/changelog.html" }, { "name": "http://www.osreviews.net/reviews/security/openvpn-print", "refsource": "MISC", "url": "http://www.osreviews.net/reviews/security/openvpn-print" }, { "name": "19531", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19531" }, { "name": "DSA-1045", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1045" }, { "name": "19598", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19598" }, { "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=10093825\u0026forum_id=8482", "refsource": "CONFIRM", "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=10093825\u0026forum_id=8482" }, { "name": "19837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19837" }, { "name": "24444", "refsource": "OSVDB", "url": "http://www.osvdb.org/24444" }, { "name": "19897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19897" }, { "name": "SUSE-SR:2006:009", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1629", "datePublished": "2006-04-06T22:00:00", "dateReserved": "2006-04-05T00:00:00", 
"dateUpdated": "2024-08-07T17:19:48.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33737
Vulnerability from cvelistv5
Published
2022-07-06 15:09
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
The OpenVPN Access Server installer creates a log file readable by everyone, which from version 2.10.0 and before 2.11.0 may contain a randomly generated admin password.
References
| URL | Tags |
|---|---|
| https://openvpn.net/vpn-server-resources/release-notes/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | OpenVPN Access Server | from version 2.10.0 and before 2.11.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:09:22.660Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenVPN Access Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "from version 2.10.0 and before 2.11.0" } ] } ], "descriptions": [ { "lang": "en", "value": "The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-708", "description": "CWE-708: Incorrect Ownership Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-06T15:09:08", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@openvpn.net", "ID": "CVE-2022-33737", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenVPN Access Server", "version": { "version_data": [ { "version_value": "from version 2.10.0 and before 2.11.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-708: Incorrect Ownership Assignment" } ] } ] }, "references": { "reference_data": [ 
{ "name": "https://openvpn.net/vpn-server-resources/release-notes/", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ] } } } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2022-33737", "datePublished": "2022-07-06T15:09:08", "dateReserved": "2022-06-15T00:00:00", "dateUpdated": "2024-08-03T08:09:22.660Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3824
Vulnerability from cvelistv5
Published
2021-09-23 14:53
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
OpenVPN Access Server 2.9.0 through 2.9.4 allows remote attackers to inject arbitrary web script or HTML via the web login page URL.
References
| URL | Tags |
|---|---|
| https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | OpenVPN Access Server | 2.9.0 through 2.9.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:09.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenVPN Access Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.9.0 through 2.9.4" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-84", "description": "CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-23T14:53:51", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@openvpn.net", "ID": "CVE-2021-3824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenVPN Access Server", "version": { "version_data": [ { "version_value": "2.9.0 through 2.9.4" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page" } ] } ] }, "references": { "reference_data": [ { "name": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5" } ] } } } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2021-3824", "datePublished": "2021-09-23T14:53:51", "dateReserved": "2021-09-22T00:00:00", "dateUpdated": "2024-08-03T17:09:09.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15074
Vulnerability from cvelistv5
Published
2020-07-14 17:27
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing existing tokens on reconnect, making it possible to circumvent the initial token expiry timestamp.
References
| URL | Tags |
|---|---|
| https://openvpn.net/vpn-server-resources/release-notes/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | OpenVPN Access Server | 2.8.3 and prior versions in addition to 2.9.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:08:21.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenVPN Access Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.8.3 and prior versions in addition to 2.9.5" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-302", "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-22T18:04:24", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@openvpn.net", "ID": "CVE-2020-15074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenVPN Access Server", "version": { "version_data": [ { "version_value": "2.8.3 and prior versions in addition to 2.9.5" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-302: Authentication Bypass by Assumed-Immutable Data" } ] } ] }, "references": { "reference_data": [ { "name": "https://openvpn.net/vpn-server-resources/release-notes/", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ] } } } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2020-15074", "datePublished": "2020-07-14T17:27:31", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:21.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-36382
Vulnerability from cvelistv5
Published
2021-06-04 10:47
Modified
2024-08-04 17:23
Severity ?
EPSS score ?
Summary
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
References
| URL | Tags |
|---|---|
| https://openvpn.net/vpn-server-resources/release-notes/ | x_refsource_MISC |
| https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | OpenVPN Access Server | 2.7.3 to 2.8.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:10.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenVPN Access Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.7.3 to 2.8.7" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-04T10:47:15", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@openvpn.net", "ID": "CVE-2020-36382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenVPN Access Server", "version": { "version_data": [ { "version_value": "2.7.3 to 2.8.7" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" } ] } ] }, "references": { "reference_data": [ { "name": "https://openvpn.net/vpn-server-resources/release-notes/", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "name": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/", "refsource": "MISC", "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/" } ] } } } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2020-36382", "datePublished": "2021-06-04T10:47:15", "dateReserved": "2021-05-31T00:00:00", "dateUpdated": "2024-08-04T17:23:10.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5868
Vulnerability from cvelistv5
Published
2017-05-25 19:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.
References
| URL | Tags |
|---|---|
| https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/ | x_refsource_MISC |
| http://www.securitytracker.com/id/1038547 | vdb-entry, x_refsource_SECTRACK |
| http://www.openwall.com/lists/oss-security/2017/05/23/13 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:11:48.722Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/" }, { "name": "1038547", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038547" }, { "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-25T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/" }, { "name": "1038547", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038547" }, { "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5868", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/", "refsource": "MISC", "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/" }, { "name": "1038547", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038547" }, { "name": "[oss-security] 20170523 [CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5868", "datePublished": "2017-05-25T19:00:00", "dateReserved": "2017-02-02T00:00:00", "dateUpdated": "2024-08-05T15:11:48.722Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46849
Vulnerability from cvelistv5
Published
2023-11-11 00:05
Modified
2024-08-02 20:53
Severity ?
EPSS score ?
Summary
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OpenVPN | OpenVPN 2 (Community) | 2.6.0 through 2.6.6 |
| OpenVPN | Access Server (Linux) | 2.11.0 through 2.11.3; 2.12.0 through 2.12.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:21.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849" }, { "tags": [ "x_transferred" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5555" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenVPN 2 (Community)", "vendor": "OpenVPN", "versions": [ { "lessThanOrEqual": "2.6.6", "status": "affected", "version": "2.6.0", "versionType": "minor release" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Access Server", "vendor": "OpenVPN", "versions": [ { "lessThanOrEqual": "2.11.3", "status": "affected", "version": "2.11.0", "versionType": "patch release" }, { "lessThanOrEqual": "2.12.1", "status": "affected", "version": "2.12.0", "versionType": "patch release" } ] } ], "descriptions": [ { "lang": "en", "value": "Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-369", "description": "CWE-369 Divide By Zero", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-11T00:05:13.487Z", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849" }, { "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/" }, { "url": "https://www.debian.org/security/2023/dsa-5555" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/" } ] } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2023-46849", "datePublished": "2023-11-11T00:05:13.487Z", "dateReserved": "2023-10-27T13:38:49.496Z", "dateUpdated": "2024-08-02T20:53:21.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2229
Vulnerability from cvelistv5
Published
2006-05-05 19:00
Modified
2024-08-07 17:43
Severity ?
EPSS score ?
Summary
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
References
| URL | Tags |
|---|---|
| http://openvpn.net/man.html | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/433000/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/432867/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/432863/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/25660 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:28.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openvpn.net/man.html" }, { "name": "20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433000/100/0/threaded" }, { "name": "20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432867/100/0/threaded" }, { "name": "20060503 OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432863/100/0/threaded" }, { "name": "25660", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openvpn.net/man.html" }, { "name": "20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433000/100/0/threaded" }, { "name": "20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432867/100/0/threaded" }, { "name": "20060503 OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432863/100/0/threaded" }, { "name": "25660", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2229", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openvpn.net/man.html", "refsource": "MISC", "url": "http://openvpn.net/man.html" }, { "name": "20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433000/100/0/threaded" }, { "name": "20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432867/100/0/threaded" }, { "name": "20060503 OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432863/100/0/threaded" }, { "name": "25660", "refsource": "OSVDB", "url": "http://www.osvdb.org/25660" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2229", "datePublished": "2006-05-05T19:00:00", "dateReserved": "2006-05-05T00:00:00", "dateUpdated": "2024-08-07T17:43:28.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3409
Vulnerability from cvelistv5
Published
2005-11-02 00:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/17447 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/17480 | third-party-advisory, x_refsource_SECUNIA | |
http://openvpn.net/changelog.html | x_refsource_CONFIRM | |
http://www.novell.com/linux/security/advisories/2005_25_sr.html | vendor-advisory, x_refsource_SUSE | |
http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/15270 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/415487 | vendor-advisory, x_refsource_OPENPKG | |
http://secunia.com/advisories/17452 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/20416 | vdb-entry, x_refsource_OSVDB | |
http://www.debian.org/security/2005/dsa-885 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/17376 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17447", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17447" }, { "name": "17480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17480" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/changelog.html" }, { "name": "SUSE-SR:2005:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "name": "GLSA-200511-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "name": "15270", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15270" }, { "name": "OpenPKG-SA-2005.023", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/415487" }, { "name": "17452", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17452" }, { "name": "20416", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20416" }, { "name": "DSA-885", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-885" }, { "name": "17376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17376" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": 
"OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17447", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17447" }, { "name": "17480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17480" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/changelog.html" }, { "name": "SUSE-SR:2005:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "name": "GLSA-200511-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "name": "15270", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15270" }, { "name": "OpenPKG-SA-2005.023", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.securityfocus.com/archive/1/415487" }, { "name": "17452", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17452" }, { "name": "20416", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20416" }, { "name": "DSA-885", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-885" }, { "name": "17376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17376" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3409", "STATE": 
"PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17447", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17447" }, { "name": "17480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17480" }, { "name": "http://openvpn.net/changelog.html", "refsource": "CONFIRM", "url": "http://openvpn.net/changelog.html" }, { "name": "SUSE-SR:2005:025", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "name": "GLSA-200511-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "name": "15270", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15270" }, { "name": "OpenPKG-SA-2005.023", "refsource": "OPENPKG", "url": "http://www.securityfocus.com/archive/1/415487" }, { "name": "17452", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17452" }, { "name": "20416", "refsource": "OSVDB", "url": "http://www.osvdb.org/20416" }, { "name": "DSA-885", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-885" }, { "name": "17376", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17376" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3409", 
"datePublished": "2005-11-02T00:00:00", "dateReserved": "2005-11-01T00:00:00", "dateUpdated": "2024-08-07T23:10:08.881Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15077
Vulnerability from cvelistv5
Published
2021-06-04 10:42
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
OpenVPN Access Server 2.8.7 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
References
▼ | URL | Tags |
---|---|---|
https://openvpn.net/vpn-server-resources/release-notes/ | x_refsource_MISC | |
https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | OpenVPN Access Server | 2.8.7 and earlier versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:08:21.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenVPN Access Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.8.7 and earlier versions" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-04T10:42:01", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@openvpn.net", "ID": "CVE-2020-15077", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenVPN Access Server", "version": { "version_data": [ { "version_value": "2.8.7 and earlier versions" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-305: Authentication Bypass by Primary Weakness" } ] } ] }, "references": { "reference_data": [ { "name": "https://openvpn.net/vpn-server-resources/release-notes/", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "name": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/", "refsource": "MISC", "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/" } ] } } } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2020-15077", "datePublished": "2021-06-04T10:42:01", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:21.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8104
Vulnerability from cvelistv5
Published
2014-12-03 18:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
References
▼ | URL | Tags |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2015:139 | vendor-advisory, x_refsource_MANDRIVA | |
http://advisories.mageia.org/MGASA-2014-0512.html | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2430-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2014/dsa-3084 | vendor-advisory, x_refsource_DEBIAN | |
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:10:50.993Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2015:139", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:139" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0512.html" }, { "name": "USN-2430-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2430-1" }, { "name": "DSA-3084", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3084" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b" }, { "name": "openSUSE-SU-2014:1594", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2015:139", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:139" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0512.html" }, { "name": "USN-2430-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2430-1" }, { "name": "DSA-3084", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3084" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b" }, { "name": "openSUSE-SU-2014:1594", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2015:139", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:139" }, { "name": "http://advisories.mageia.org/MGASA-2014-0512.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0512.html" }, { "name": "USN-2430-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2430-1" }, { "name": "DSA-3084", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3084" }, { "name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b", "refsource": "CONFIRM", "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b" }, { "name": "openSUSE-SU-2014:1594", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8104", "datePublished": "2014-12-03T18:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:50.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9104
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnect established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/532795/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://seclists.org/fulldisclosure/2014/Jul/76 | mailing-list, x_refsource_FULLDISC | |
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt | x_refsource_MISC | |
http://openvpn.net/index.php/access-server/security-advisories.html | x_refsource_CONFIRM | |
https://www.youtube.com/watch?v=qhgysgfvQh8 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:13.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/532795/100/0/threaded" }, { "name": "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Jul/76" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/index.php/access-server/security-advisories.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.youtube.com/watch?v=qhgysgfvQh8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/532795/100/0/threaded" }, { "name": "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Jul/76" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/index.php/access-server/security-advisories.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.youtube.com/watch?v=qhgysgfvQh8" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532795/100/0/threaded" }, { "name": "20140716 SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server \"Desktop Client\"", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Jul/76" }, { "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt" }, { "name": "http://openvpn.net/index.php/access-server/security-advisories.html", "refsource": "CONFIRM", "url": "http://openvpn.net/index.php/access-server/security-advisories.html" }, { "name": "https://www.youtube.com/watch?v=qhgysgfvQh8", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=qhgysgfvQh8" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9104", "datePublished": "2014-11-26T15:00:00", "dateReserved": "2014-11-26T00:00:00", "dateUpdated": "2024-08-06T13:33:13.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2061
Vulnerability from cvelistv5
Published
2013-11-15 18:16
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
References
▼ | URL | Tags |
---|---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html | vendor-advisory, x_refsource_SUSE | |
https://bugzilla.redhat.com/show_bug.cgi?id=960192 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/05/06/6 | mailing-list, x_refsource_MLIST | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:167 | vendor-advisory, x_refsource_MANDRIVA | |
http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html | vendor-advisory, x_refsource_SUSE | |
https://bugs.gentoo.org/show_bug.cgi?id=468756 | x_refsource_CONFIRM | |
https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee | x_refsource_CONFIRM | |
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:37.491Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2013-7552", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html" }, { "name": "FEDORA-2013-7531", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html" }, { "name": "openSUSE-SU-2013:1645", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=960192" }, { "name": "[oss-security] 20130506 Re: CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/06/6" }, { "name": "MDVSA-2013:167", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:167" }, { "name": "openSUSE-SU-2013:1649", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=468756" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ 
{ "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-30T21:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2013-7552", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html" }, { "name": "FEDORA-2013-7531", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html" }, { "name": "openSUSE-SU-2013:1645", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=960192" }, { "name": "[oss-security] 20130506 Re: CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/06/6" }, { "name": "MDVSA-2013:167", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:167" }, { "name": "openSUSE-SU-2013:1649", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=468756" }, { "tags": [ "x_refsource_CONFIRM" ], 
"url": "https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2061", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2013-7552", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html" }, { "name": "FEDORA-2013-7531", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html" }, { "name": "openSUSE-SU-2013:1645", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=960192", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=960192" }, { "name": "[oss-security] 20130506 Re: CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/05/06/6" }, { "name": "MDVSA-2013:167", "refsource": "MANDRIVA", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:167" }, { "name": "openSUSE-SU-2013:1649", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=468756", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=468756" }, { "name": "https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee", "refsource": "CONFIRM", "url": "https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee" }, { "name": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc", "refsource": "CONFIRM", "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2061", "datePublished": "2013-11-15T18:16:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.491Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3393
Vulnerability from cvelistv5
Published
2005-11-01 11:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/17447 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/17480 | third-party-advisory, x_refsource_SECUNIA | |
http://openvpn.net/changelog.html | x_refsource_CONFIRM | |
http://www.novell.com/linux/security/advisories/2005_25_sr.html | vendor-advisory, x_refsource_SUSE | |
http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/15239 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/415487 | vendor-advisory, x_refsource_OPENPKG | |
http://secunia.com/advisories/17452 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2005/2255 | vdb-entry, x_refsource_VUPEN | |
http://marc.info/?l=bugtraq&m=113081023121059&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.debian.org/security/2005/dsa-885 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/17376 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17447", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17447" }, { "name": "17480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17480" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/changelog.html" }, { "name": "SUSE-SR:2005:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "name": "GLSA-200511-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "name": "15239", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15239" }, { "name": "OpenPKG-SA-2005.023", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/415487" }, { "name": "17452", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17452" }, { "name": "ADV-2005-2255", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2255" }, { "name": "20051031 OpenVPN[v2.0.x]: foreign_option() formart string vulnerability.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081023121059\u0026w=2" }, { "name": "DSA-885", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-885" }, { "name": "17376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/17376" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17447", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17447" }, { "name": "17480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17480" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/changelog.html" }, { "name": "SUSE-SR:2005:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "name": "GLSA-200511-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "name": "15239", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15239" }, { "name": "OpenPKG-SA-2005.023", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.securityfocus.com/archive/1/415487" }, { "name": "17452", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17452" }, { "name": "ADV-2005-2255", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2255" }, { "name": "20051031 OpenVPN[v2.0.x]: foreign_option() formart string 
vulnerability.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113081023121059\u0026w=2" }, { "name": "DSA-885", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-885" }, { "name": "17376", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17376" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17447", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17447" }, { "name": "17480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17480" }, { "name": "http://openvpn.net/changelog.html", "refsource": "CONFIRM", "url": "http://openvpn.net/changelog.html" }, { "name": "SUSE-SR:2005:025", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "name": "GLSA-200511-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "name": "15239", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15239" }, { "name": "OpenPKG-SA-2005.023", "refsource": "OPENPKG", "url": "http://www.securityfocus.com/archive/1/415487" }, { "name": "17452", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17452" }, { "name": "ADV-2005-2255", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2255" }, { "name": "20051031 OpenVPN[v2.0.x]: foreign_option() formart string vulnerability.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113081023121059\u0026w=2" }, { "name": "DSA-885", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-885" }, { "name": "17376", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17376" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3393", "datePublished": "2005-11-01T11:00:00", "dateReserved": "2005-11-01T00:00:00", "dateUpdated": "2024-08-07T23:10:08.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33738
Vulnerability from cvelistv5
Published
2022-07-06 15:10
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
OpenVPN Access Server before 2.11 uses a weak random generator to create the user session token for the web portal (CWE-331: Insufficient Entropy).
References
▼ | URL | Tags |
---|---|---|
https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | OpenVPN Access Server | until 2.11 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:09:22.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenVPN Access Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "until 2.11" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-331", "description": "CWE-331: Insufficient Entropy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-06T15:10:33", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@openvpn.net", "ID": "CVE-2022-33738", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenVPN Access Server", "version": { "version_data": [ { "version_value": "until 2.11" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-331: Insufficient Entropy" } ] } ] }, "references": { "reference_data": [ { "name": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0", "refsource": "MISC", 
"url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" } ] } } } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2022-33738", "datePublished": "2022-07-06T15:10:33", "dateReserved": "2022-06-15T00:00:00", "dateUpdated": "2024-08-03T08:09:22.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-11462
Vulnerability from cvelistv5
Published
2020-05-04 13:45
Modified
2024-08-04 11:28
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable.
References
▼ | URL | Tags |
---|---|---|
https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:28:14.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-04T13:45:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-11462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. 
With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11462", "datePublished": "2020-05-04T13:45:41", "dateReserved": "2020-04-01T00:00:00", "dateUpdated": "2024-08-04T11:28:14.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46850
Vulnerability from cvelistv5
Published
2023-11-11 00:15
Modified
2025-01-08 21:44
Severity ?
EPSS score ?
Summary
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buffers or remote execution when sending network buffers to a remote peer.
References
Impacted products
Vendor | Product | Version |
---|---|---|
OpenVPN | OpenVPN 2 (Community) | 2.6.0 through 2.6.6 |
OpenVPN | Access Server (Linux) | 2.11.0 through 2.11.3 |
OpenVPN | Access Server (Linux) | 2.12.0 through 2.12.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:21.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850" }, { "tags": [ "x_transferred" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5555" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-46850", "options": [ { "Exploitation": "None" }, { "Automatable": "yes" }, { "Technical Impact": "Total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-08T21:43:36.505056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-08T21:44:02.391Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenVPN 2 (Community)", "vendor": "OpenVPN", "versions": [ { "lessThanOrEqual": "2.6.6", "status": "affected", "version": "2.6.0", "versionType": "minor release" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Access Server", "vendor": "OpenVPN", "versions": [ { "lessThanOrEqual": "2.11.3", "status": "affected", "version": "2.11.0", "versionType": "patch release" }, { "lessThanOrEqual": "2.12.2", "status": "affected", "version": "2.12.0", "versionType": "patch release" } ] } ], "descriptions": [ { "lang": "en", "value": "Use after free in 
OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-11T00:15:07.076Z", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850" }, { "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/" }, { "url": "https://www.debian.org/security/2023/dsa-5555" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/" } ] } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2023-46850", "datePublished": "2023-11-11T00:15:07.076Z", "dateReserved": "2023-10-27T13:38:49.496Z", "dateUpdated": "2025-01-08T21:44:02.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4234
Vulnerability from cvelistv5
Published
2022-07-06 19:10
Modified
2024-08-03 17:23
Severity ?
EPSS score ?
Summary
OpenVPN Access Server 2.10 and prior versions are susceptible to a limited amplification attack: in response to a reset packet sent from the client, the server resends multiple packets when the client does not respond to them.
References
▼ | URL | Tags |
---|---|---|
https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | OpenVPN Access Server | 2.10 and prior version |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:23:09.056Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenVPN Access Server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.10 and prior version" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-406", "description": "CWE-406: Insufficient Control of Network Message Volume", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-06T19:10:17", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@openvpn.net", "ID": "CVE-2021-4234", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenVPN Access Server", "version": { "version_data": [ { "version_value": "2.10 and prior version" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-406: Insufficient Control of Network Message Volume" } ] } ] }, "references": { "reference_data": [ { "name": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" } ] } } } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2021-4234", "datePublished": "2022-07-06T19:10:17", "dateReserved": "2022-07-01T00:00:00", "dateUpdated": "2024-08-03T17:23:09.056Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2692
Vulnerability from cvelistv5
Published
2014-05-13 14:00
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/52802 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/93111 | vdb-entry, x_refsource_OSVDB | |
http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:33.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "52802", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52802" }, { "name": "93111", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/93111" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-13T13:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "52802", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52802" }, { "name": "93111", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/93111" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-2692", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "52802", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52802" }, { "name": "93111", "refsource": "OSVDB", "url": "http://osvdb.org/93111" }, { "name": "http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html", "refsource": "CONFIRM", "url": "http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-2692", "datePublished": "2014-05-13T14:00:00", "dateReserved": "2013-03-26T00:00:00", "dateUpdated": "2024-08-06T15:44:33.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8953
Vulnerability from cvelistv5
Published
2020-02-13 03:13
Modified
2024-08-04 10:12
Severity ?
EPSS score ?
Summary
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
References
▼ | URL | Tags |
---|---|---|
https://openvpn.net/security-advisories/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:12:11.007Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://openvpn.net/security-advisories/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T03:13:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://openvpn.net/security-advisories/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8953", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://openvpn.net/security-advisories/", "refsource": "CONFIRM", "url": "https://openvpn.net/security-advisories/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8953", "datePublished": "2020-02-13T03:13:02", "dateReserved": "2020-02-12T00:00:00", "dateUpdated": "2024-08-04T10:12:11.007Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2005-11-01 12:47
Modified
2024-11-21 00:01
Severity ?
Summary
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn | 2.0 | |
openvpn | openvpn | 2.0_beta11 | |
openvpn | openvpn_access_server | 2.0.1 | |
openvpn | openvpn_access_server | 2.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6457C946-123B-4B85-9253-D284A7A16A61", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "E5D263CA-8B2C-4B66-8990-6224BAF52A8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B42CB75B-355B-4D80-91EA-77723B275D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E5EFEC7-D9B6-454A-A36A-C75874564FCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option." } ], "id": "CVE-2005-3393", "lastModified": "2024-11-21T00:01:47.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-01T12:47:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113081023121059\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://openvpn.net/changelog.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17376" }, { "source": 
"cve@mitre.org", "url": "http://secunia.com/advisories/17447" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17452" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17480" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-885" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/415487" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15239" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113081023121059\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openvpn.net/changelog.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17447" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/415487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/15239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2255" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-14 18:15
Modified
2024-11-21 05:04
Severity ?
Summary
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing existing tokens on reconnect, making it possible to circumvent the initial token expiry timestamp.
References
▼ | URL | Tags | |
---|---|---|---|
security@openvpn.net | https://openvpn.net/vpn-server-resources/release-notes/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/vpn-server-resources/release-notes/ | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * | |
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A2A3EA8-FDC3-4C27-B59A-9EFC11395F60", "versionEndExcluding": "2.8.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8833B00-0170-42C7-99BB-D1E53CC32380", "versionEndExcluding": "2.9.6", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp." }, { "lang": "es", "value": "El servidor de acceso OpenVPN anterior a la versi\u00f3n 2.8.4 y la versi\u00f3n 2.9.5 genera nuevos tokens de autenticaci\u00f3n de usuario en lugar de reutilizar los tokens existentes en la reconexi\u00f3n, lo que permite eludir la marca de tiempo de caducidad del token inicial" } ], "id": "CVE-2020-15074", "lastModified": "2024-11-21T05:04:45.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-14T18:15:14.680", "references": [ { "source": "security@openvpn.net", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-302" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-04 11:15
Modified
2024-11-21 05:29
Severity ?
Summary
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CCB7D6A-6B44-48D0-B392-56292BA7D35C", "versionEndIncluding": "2.8.7", "versionStartIncluding": "2.7.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service." }, { "lang": "es", "value": "OpenVPN Access Server versiones 2.7.3 a 2.8.7, permite a atacantes remotos desencadenar una aserci\u00f3n durante la fase de autenticaci\u00f3n del usuario por medio de datos de token de autenticaci\u00f3n incorrectos en una fase temprana de la autenticaci\u00f3n del usuario, resultando en una denegaci\u00f3n de servicio" } ], "id": "CVE-2020-36382", "lastModified": "2024-11-21T05:29:22.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, 
"exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-04T11:15:07.790", "references": [ { "source": "security@openvpn.net", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/" }, { "source": "security@openvpn.net", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-06 16:15
Modified
2024-11-21 07:08
Severity ?
Summary
OpenVPN Access Server before 2.11 uses a weak random generator to create user session tokens for the web portal.
References
▼ | URL | Tags | |
---|---|---|---|
security@openvpn.net | https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0 | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F315C5F8-CF55-4561-87FA-09A49636FDCB", "versionEndExcluding": "2.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal" }, { "lang": "es", "value": "OpenVPN Access Server versiones anteriores a 2.11, usa un generador aleatorio d\u00e9bil para crear un token de sesi\u00f3n de usuario para el portal web" } ], "id": "CVE-2022-33738", "lastModified": "2024-11-21T07:08:26.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-06T16:15:08.500", "references": [ { "source": "security@openvpn.net", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-331" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-06 22:04
Modified
2024-11-21 00:09
Severity ?
Summary
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn | 2.0 | |
openvpn | openvpn | 2.0.4 | |
openvpn | openvpn_access_server | 2.0.1 | |
openvpn | openvpn_access_server | 2.0.2 | |
openvpn | openvpn_access_server | 2.0.3 | |
openvpn | openvpn_access_server | 2.0.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6457C946-123B-4B85-9253-D284A7A16A61", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8DF6B1F4-6313-4BF4-AD87-431A1C9D40C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B42CB75B-355B-4D80-91EA-77723B275D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E5EFEC7-D9B6-454A-A36A-C75874564FCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "21846206-4CF3-426F-9BE7-93471987BC06", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ED93D78-3BA8-43DB-B5AF-D2D3941C9DAD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable." 
} ], "evaluatorSolution": "OpenVPN version 2.0.6 fixes this vulnerability.", "id": "CVE-2006-1629", "lastModified": "2024-11-21T00:09:20.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-06T22:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://openvpn.net/changelog.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19531" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19598" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19837" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19897" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=10093825\u0026forum_id=8482" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1045" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:069" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html" }, { "source": "cve@mitre.org", "url": "http://www.osreviews.net/reviews/security/openvpn-print" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24444" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17392" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2006/1261" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openvpn.net/changelog.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19897" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=10093825\u0026forum_id=8482" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osreviews.net/reviews/security/openvpn-print" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25667" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-03 18:59
Modified
2024-11-21 02:18
Severity ?
Summary
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8D0ECEAF-401A-434E-9B0A-1A234BAEFC4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "E751FA0E-0DF4-4F81-912A-1A132640246D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43F61AC6-EDF6-4818-BA51-3EAA299680B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "D32984D8-9631-407B-834E-303B9405A425", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "CB44A872-3FE2-47E9-BA84-B6E1015E1973", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "F020080D-7181-400D-988E-6844D1653464", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "86D08038-9815-4222-9CD3-1211FE5954A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.2_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CE43EA96-5B3C-498F-A040-C800821DA49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "236F2BBF-0CF5-465E-9E65-8AD6D17F57A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8DF6B1F4-6313-4BF4-AD87-431A1C9D40C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "EA031086-95E4-4447-A06B-3B2926E3265F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "FD8ABC0A-80F7-4B7A-9D0A-015C53D1A1B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "7F0A6E23-6456-4305-A7DA-8CA1D506D4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "D985B9F0-5B4F-4120-8ECF-506C5F6179FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "CF7E6096-58BF-47F1-982B-27A9ED735AEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "62362541-FE20-47ED-9E03-94216A3D43CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "C0BD7019-BBA5-4D08-85C8-571D2EC03FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "0D1D56A4-A03C-445C-993B-1AA12024D4FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "F563B1FD-FC1F-4304-8141-A1188A190835", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc8:*:*:*:*:*:*:*", 
"matchCriteriaId": "4269ED1A-3031-4572-B134-62C6E533D176", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc9:*:*:*:*:*:*:*", "matchCriteriaId": "140999A7-E9BB-4459-B3F8-48DF8F5DFE0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc10:*:*:*:*:*:*:*", "matchCriteriaId": "41CD75B0-24D0-40BA-A4FB-925BD5414298", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc11:*:*:*:*:*:*:*", "matchCriteriaId": "DED8F3C5-8E43-4B07-8224-38BF4774F4CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc12:*:*:*:*:*:*:*", "matchCriteriaId": "3EC88614-E782-447B-B854-955498FAAA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc13:*:*:*:*:*:*:*", "matchCriteriaId": "D2C1B8EE-3C12-452F-986E-6FD8A230685A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc14:*:*:*:*:*:*:*", "matchCriteriaId": "E5AC6851-F63E-47D7-BDEF-3BFF39E94D9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc15:*:*:*:*:*:*:*", "matchCriteriaId": "685F5555-793D-4FAA-8CF4-578490CFAC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc16:*:*:*:*:*:*:*", "matchCriteriaId": "E688CF0C-134B-49E2-AEB3-45ECACB8B5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc17:*:*:*:*:*:*:*", "matchCriteriaId": "1D385327-D1FF-4A22-A0C0-0C5AA53590C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc18:*:*:*:*:*:*:*", "matchCriteriaId": "51329755-1DBF-40E1-960C-E924CDC4B22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc19:*:*:*:*:*:*:*", "matchCriteriaId": "FCE65AC5-C218-456F-86FB-1C8BEC3C4598", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc20:*:*:*:*:*:*:*", "matchCriteriaId": "1412133F-3B44-43B6-A4FF-FF80E7B564E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc21:*:*:*:*:*:*:*", "matchCriteriaId": "B55EE355-28A1-4955-9ADD-A8E02376C9F1", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test1:*:*:*:*:*:*:*", "matchCriteriaId": "E942C13E-6B54-465F-8026-ED49BD7EA2F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test2:*:*:*:*:*:*:*", "matchCriteriaId": "AADF30CF-AD36-45EB-AF50-EB0533B20B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test3:*:*:*:*:*:*:*", "matchCriteriaId": "AD078F82-361C-4B38-86E8-85E129F41A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test4:*:*:*:*:*:*:*", "matchCriteriaId": "09ADBC1B-7835-4D63-AA86-EF056E008F35", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test5:*:*:*:*:*:*:*", "matchCriteriaId": "F9831C92-7717-4650-8689-3C41B773C5CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test6:*:*:*:*:*:*:*", "matchCriteriaId": "2B3521E7-572E-4ADD-AAF6-F1AE505B4BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test7:*:*:*:*:*:*:*", "matchCriteriaId": "F73290B2-384B-4B0F-8763-EF4D5D7C39FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test8:*:*:*:*:*:*:*", "matchCriteriaId": "4728B3CD-5B54-4B0B-8967-DE7D9E1474F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test9:*:*:*:*:*:*:*", "matchCriteriaId": "F353B495-D69A-4831-9E5B-F15F8F749C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test10:*:*:*:*:*:*:*", "matchCriteriaId": "16647409-3ADD-4E86-A053-4A7B8365700E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test11:*:*:*:*:*:*:*", "matchCriteriaId": "1E5CA9F6-68FE-4412-8CD5-F85E970249F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test12:*:*:*:*:*:*:*", "matchCriteriaId": "74A74354-1EAB-4A4F-A79C-C04E9BCDF594", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test14:*:*:*:*:*:*:*", "matchCriteriaId": "03A016A3-CAA9-4FCB-B909-F4163CE1E19E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test15:*:*:*:*:*:*:*", 
"matchCriteriaId": "82A53B7C-8E9D-4DD6-8B00-628F7796A365", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test16:*:*:*:*:*:*:*", "matchCriteriaId": "3D5AADA5-05DA-4660-9636-A3B737916A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test17:*:*:*:*:*:*:*", "matchCriteriaId": "2778FEDE-063B-4454-9FA7-F526334CF9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test18:*:*:*:*:*:*:*", "matchCriteriaId": "989D471D-3F81-4018-A124-7FBEB3F4AB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test19:*:*:*:*:*:*:*", "matchCriteriaId": "D4EA97AE-B2DD-40F8-81E1-467E895CE736", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test20:*:*:*:*:*:*:*", "matchCriteriaId": "F0C82A6A-4548-4508-B337-1061E57D78AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test21:*:*:*:*:*:*:*", "matchCriteriaId": "36A972BC-6956-4195-933C-F3694BFEFB50", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test22:*:*:*:*:*:*:*", "matchCriteriaId": "E9EF5187-C008-4927-B5CB-A491768E9822", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test23:*:*:*:*:*:*:*", "matchCriteriaId": "B4A39ECE-7C8D-4BB8-A408-08EA0879F03F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test24:*:*:*:*:*:*:*", "matchCriteriaId": "6C67474C-3274-4F62-AF98-6953F9744522", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test25:*:*:*:*:*:*:*", "matchCriteriaId": "5196B669-CF0F-4FED-9EAF-72F335436BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test26:*:*:*:*:*:*:*", "matchCriteriaId": "D799CAF5-BFC3-4A80-8AE2-D292B7F9D9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test27:*:*:*:*:*:*:*", "matchCriteriaId": "98D3B905-FCD7-4136-A94C-76A95994CD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test28:*:*:*:*:*:*:*", "matchCriteriaId": "F696A07E-ECE3-4010-A908-A006C85EECCB", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test29:*:*:*:*:*:*:*", "matchCriteriaId": "1AE172A1-D9A5-4FF7-B316-4E0BD639B35D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-1:*:*:*:*:*:*", "matchCriteriaId": "8459B597-7229-446D-905D-B1528AE72A48", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-10:*:*:*:*:*:*", "matchCriteriaId": "70873B7B-C431-4D21-81FE-C5DB695E51A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-11:*:*:*:*:*:*", "matchCriteriaId": "6841F4A3-DFF8-48A7-A88B-52C71DB19096", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-12:*:*:*:*:*:*", "matchCriteriaId": "DBAECB05-74F1-410E-B2D4-6B789D275BFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-13:*:*:*:*:*:*", "matchCriteriaId": "D1BCCE52-CFC5-4EED-8A1F-12649A1F0ED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-14:*:*:*:*:*:*", "matchCriteriaId": "C6826F2C-9769-4F70-8121-988986C9DAFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-15:*:*:*:*:*:*", "matchCriteriaId": "38CDC26A-2EA1-4FD1-BE82-09ABE335A778", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-16:*:*:*:*:*:*", "matchCriteriaId": "F4284CC6-B78D-478D-B815-3FB4D884A726", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-2:*:*:*:*:*:*", "matchCriteriaId": "453245EF-965E-4F93-83D3-48B90FE48A6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-3:*:*:*:*:*:*", "matchCriteriaId": "EF5EC30A-3DC5-4E7A-836C-8664F716416C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-4:*:*:*:*:*:*", "matchCriteriaId": "2678B55D-319C-43F6-B728-7A321D4B3209", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-5:*:*:*:*:*:*", "matchCriteriaId": "E35E44F6-BEBB-4042-83D2-A7EA0973741D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:openvpn:openvpn:2.1:beta-6:*:*:*:*:*:*", "matchCriteriaId": "FAE85542-1693-4DC6-9948-7255E4773BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-7:*:*:*:*:*:*", "matchCriteriaId": "7D1C661A-5BD4-4BC3-88E8-31412B8160F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-8:*:*:*:*:*:*", "matchCriteriaId": "2EEF3348-775A-4DE0-AAF0-482B91A3AC40", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:beta-9:*:*:*:*:*:*", "matchCriteriaId": "82269255-618E-43DC-9486-B17A790844F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_1:*:*:*:*:*:*", "matchCriteriaId": "F972B6E6-0553-454E-BF58-107E7A9EC9E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_10:*:*:*:*:*:*", "matchCriteriaId": "973BB008-9779-4F7F-8759-1266430EE01F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_11:*:*:*:*:*:*", "matchCriteriaId": "5DC24D46-CD48-480E-862E-AF2E4D6BEECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_12:*:*:*:*:*:*", "matchCriteriaId": "AD17C1C3-73FF-4B96-8E90-73D64A59A02F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_13:*:*:*:*:*:*", "matchCriteriaId": "86DCBDE1-C3D8-4E1A-85B1-E82D4957434A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_14:*:*:*:*:*:*", "matchCriteriaId": "1A939316-AAB3-4731-9CBF-C4FB103EF69C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_15:*:*:*:*:*:*", "matchCriteriaId": "97EEF414-D6EF-4DA4-809A-CC4D795EC4C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_16:*:*:*:*:*:*", "matchCriteriaId": "C7E98A8B-D506-46EB-A013-6E992245BB06", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_17:*:*:*:*:*:*", "matchCriteriaId": "062BBC75-316A-4A75-B013-C65575BA1879", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_18:*:*:*:*:*:*", "matchCriteriaId": 
"21364ECB-DBA6-4222-8138-7367971621B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_19:*:*:*:*:*:*", "matchCriteriaId": "A72074A1-9296-40AE-A456-97FEA13B1FC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_2:*:*:*:*:*:*", "matchCriteriaId": "9DBF4843-5E4F-4C47-BBF8-4ADB45C422E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_20:*:*:*:*:*:*", "matchCriteriaId": "736E4AF6-126C-4521-983A-36599E658BA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_21:*:*:*:*:*:*", "matchCriteriaId": "199F38E7-44A5-47DE-AE71-E04D06B456CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_22:*:*:*:*:*:*", "matchCriteriaId": "6495D598-AF9E-4258-A193-32712D3B4340", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_3:*:*:*:*:*:*", "matchCriteriaId": "61BB61B4-2769-4F59-875F-9269C551E386", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_4:*:*:*:*:*:*", "matchCriteriaId": "DBD947CF-98BC-4C84-8149-B4EEFF1015AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_5:*:*:*:*:*:*", "matchCriteriaId": "FE621907-2D6B-4558-A9B9-E98AAF236D59", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_6:*:*:*:*:*:*", "matchCriteriaId": "B57458F3-B8F9-454E-98B1-9FA33ABDF0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_7:*:*:*:*:*:*", "matchCriteriaId": "42F0E1FF-0863-418C-BD26-F3B18B257370", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_8:*:*:*:*:*:*", "matchCriteriaId": "B0E905D4-34F6-4ACD-8D86-0C9E29EDB282", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1:rc_9:*:*:*:*:*:*", "matchCriteriaId": "201BAAB4-181A-45CF-8800-AEFA3AFC44DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "88C2922E-6E95-45BF-ABF1-B1D799769DB5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:openvpn:openvpn:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A74DA07-5725-46B5-BC90-B1B2A2562E15", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "83495B90-FD8D-453B-B39E-B6630BC9E1F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1E027B8-5D0D-4DA3-8D25-FAC2CAAE971C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5A241E3-1F25-48C9-A49F-6F9E805E7732", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "2FD8F84B-583A-4605-B939-75E90B28AAE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "7C996321-0770-4949-B627-EFD23CA54DED", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.2:beta3:*:*:*:*:*:*", "matchCriteriaId": "0863345A-59FC-4FE9-AC18-4949B69FC8F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.2:beta4:*:*:*:*:*:*", "matchCriteriaId": "D7559EF0-C9C5-4D1A-BED3-8DC10A1FA0D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.2:beta5:*:*:*:*:*:*", "matchCriteriaId": "7557FBEB-9F01-482A-BD92-E4636216B278", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D915A07-3B93-4D7C-8D52-73B696392B46", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E75645E-829A-414B-9758-33E68C397D07", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FB4ED809-BBE7-4D82-BBB8-CF47134B676B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3:alpha1:*:*:*:*:*:*", "matchCriteriaId": "2CAF2208-8204-4747-BCD7-0640E8D37DF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3:alpha2:*:*:*:*:*:*", "matchCriteriaId": "C52337EC-B6F2-4D24-946B-2BC0F7AB289B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3:alpha3:*:*:*:*:*:*", "matchCriteriaId": "7ECE3870-15C5-444D-8791-C95E3154B6F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3:beta1:*:*:*:*:*:*", "matchCriteriaId": "73308E91-F884-41BF-8B6F-D5ECA69BC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "EEE9B244-7B5D-4089-8DF9-4618340EB09C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "A3CF7B64-4C8E-482A-8D54-9033234322E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0001EA6-8B77-474F-AB96-B64BE06F9071", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "311B464F-A8B0-4258-86E5-05CBE0CBCACF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "77D50828-4D5C-4EDD-960E-C59F13ED64A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D15C3021-8F17-4869-ACFB-E567000ECE7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "68F52EAE-E3B5-4186-A11C-A481F54B79C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FF9F2DF9-3E2B-4B31-8735-334EECB6F6A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "486CD3E2-1B1A-4A1D-98ED-0E2EEAB0A0CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B42CB75B-355B-4D80-91EA-77723B275D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E5EFEC7-D9B6-454A-A36A-C75874564FCF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:openvpn:openvpn_access_server:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "21846206-4CF3-426F-9BE7-93471987BC06", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ED93D78-3BA8-43DB-B5AF-D2D3941C9DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C2B16482-8058-46A8-9D56-DB73BFE32A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F105F380-57BF-44BD-B31D-9D36DF9210A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "C802FAF2-EAB3-4C79-B1D1-D27C8D5CEE63", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BF722539-0A07-4C74-85F0-342195714D2B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet." 
}, { "lang": "es", "value": "OpenVPN 2.x anterior a 2.0.11, 2.1.x, 2.2.x anterior a 2.2.3, y 2.3.x anterior a 2.3.6 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del servidor) a trav\u00e9s de un paquete de canal de control peque\u00f1o." } ], "id": "CVE-2014-8104", "lastModified": "2024-11-21T02:18:33.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-03T18:59:00.063", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0512.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3084" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:139" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2430-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0512.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2430-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-26 01:29
Modified
2024-11-21 03:28
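Severity
MEDIUM — CVSS v3.0 base score 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)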
Summary
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/05/23/13 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securitytracker.com/id/1038547 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/ | Exploit, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/05/23/13 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038547 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/ | Exploit, Mitigation, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | 2.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "431DD791-4429-4E6E-B43C-4E7EFB7C6B62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n CRLF en la interfaz web en OpenVPN Access Server versi\u00f3n 2.1.4, permite a los atacantes remotos inyectar encabezados HTTP arbitrarios y, en consecuencia, conducir ataques de fijaci\u00f3n de sesi\u00f3n y posiblemente ataques de divisi\u00f3n de respuesta HTTP por medio de caracteres \"%0A\" en la variable PATH_INFO en la funci\u00f3n __session_start __ /." 
} ], "id": "CVE-2017-5868", "lastModified": "2024-11-21T03:28:34.113", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-26T01:29:00.630", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038547" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mitigation", "Third Party Advisory" ], "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/23/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1038547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mitigation", "Third Party Advisory" ], "url": "https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-93" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-09-23 15:15
Modified
2024-11-21 06:22
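Severity
MEDIUM — CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)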
Summary
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.
References
Source | URL | Tags | |
---|---|---|---|
security@openvpn.net | https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5 | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * (2.9.0 through 2.9.4, inclusive) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED7A850-8482-4155-A135-EBED544E4806", "versionEndIncluding": "2.9.4", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL." }, { "lang": "es", "value": "OpenVPN Access Server versiones 2.9.0 hasta 2.9.4, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de la URL de la p\u00e1gina de inicio de sesi\u00f3n" } ], "id": "CVE-2021-3824", "lastModified": "2024-11-21T06:22:32.693", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-23T15:15:07.973", "references": [ { "source": "security@openvpn.net", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-9-5" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-84" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-02 00:02
Modified
2024-11-21 00:01
Severity
MEDIUM — CVSS v2 base score 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6457C946-123B-4B85-9253-D284A7A16A61", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8D0ECEAF-401A-434E-9B0A-1A234BAEFC4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "E751FA0E-0DF4-4F81-912A-1A132640246D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43F61AC6-EDF6-4818-BA51-3EAA299680B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "D32984D8-9631-407B-834E-303B9405A425", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "CB44A872-3FE2-47E9-BA84-B6E1015E1973", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "F020080D-7181-400D-988E-6844D1653464", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "86D08038-9815-4222-9CD3-1211FE5954A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.2_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CE43EA96-5B3C-498F-A040-C800821DA49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "236F2BBF-0CF5-465E-9E65-8AD6D17F57A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEBEDA-437A-4942-8A71-7B25DD558BCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "0EB8A78E-DAB9-4A72-BC54-58230E1E9B9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "D5D74ED1-34C5-4F95-A941-83664AFFF2ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:openvpn:openvpn:2.0_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "0747C1A9-C404-4FBD-AA8F-9DBB70FEB4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "5A3B1AD4-9EA0-4D86-90E1-3366FBC5629D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "8E483BD0-CAB9-4DA0-AAA4-A934B8318FB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "6F04FAB1-A558-4F93-9FBF-043DE259A813", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "A189A733-3130-41B4-94DD-E99E294D0FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "7DEE5695-DC49-445D-864A-4739E16DF762", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6FBF146F-2CFA-4F14-BFBC-E01B58F9F72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "E5D263CA-8B2C-4B66-8990-6224BAF52A8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "825C9FCE-AD76-4E32-8FEC-EEFA0662BC04", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta13:*:*:*:*:*:*:*", "matchCriteriaId": "2C7519FA-831A-41D7-AFC3-B9457E6DFB4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta15:*:*:*:*:*:*:*", "matchCriteriaId": "DFB79AFD-493F-41F1-9EC1-8BCC0D28A914", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta16:*:*:*:*:*:*:*", "matchCriteriaId": "2C8F091B-194A-4FC5-87F4-A76CB490F3F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta17:*:*:*:*:*:*:*", "matchCriteriaId": "11716B49-A920-4A1B-BEA5-4105213B9731", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta18:*:*:*:*:*:*:*", 
"matchCriteriaId": "756A7AF5-E502-4EDC-9693-4041C993E3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta19:*:*:*:*:*:*:*", "matchCriteriaId": "9885BC3E-1854-4561-9906-FFAEECA5B6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta20:*:*:*:*:*:*:*", "matchCriteriaId": "D7B7759F-F228-436D-BC86-7317B0109C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta28:*:*:*:*:*:*:*", "matchCriteriaId": "ADB9BD19-1BF9-42D0-9E43-7D95EE010347", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "7F0A6E23-6456-4305-A7DA-8CA1D506D4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "D985B9F0-5B4F-4120-8ECF-506C5F6179FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "CF7E6096-58BF-47F1-982B-27A9ED735AEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "62362541-FE20-47ED-9E03-94216A3D43CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "C0BD7019-BBA5-4D08-85C8-571D2EC03FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "0D1D56A4-A03C-445C-993B-1AA12024D4FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "F563B1FD-FC1F-4304-8141-A1188A190835", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc8:*:*:*:*:*:*:*", "matchCriteriaId": "4269ED1A-3031-4572-B134-62C6E533D176", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc9:*:*:*:*:*:*:*", "matchCriteriaId": "140999A7-E9BB-4459-B3F8-48DF8F5DFE0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc10:*:*:*:*:*:*:*", "matchCriteriaId": "41CD75B0-24D0-40BA-A4FB-925BD5414298", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc11:*:*:*:*:*:*:*", "matchCriteriaId": "DED8F3C5-8E43-4B07-8224-38BF4774F4CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc12:*:*:*:*:*:*:*", "matchCriteriaId": "3EC88614-E782-447B-B854-955498FAAA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc13:*:*:*:*:*:*:*", "matchCriteriaId": "D2C1B8EE-3C12-452F-986E-6FD8A230685A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc14:*:*:*:*:*:*:*", "matchCriteriaId": "E5AC6851-F63E-47D7-BDEF-3BFF39E94D9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc15:*:*:*:*:*:*:*", "matchCriteriaId": "685F5555-793D-4FAA-8CF4-578490CFAC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc16:*:*:*:*:*:*:*", "matchCriteriaId": "E688CF0C-134B-49E2-AEB3-45ECACB8B5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc17:*:*:*:*:*:*:*", "matchCriteriaId": "1D385327-D1FF-4A22-A0C0-0C5AA53590C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc18:*:*:*:*:*:*:*", "matchCriteriaId": "51329755-1DBF-40E1-960C-E924CDC4B22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc19:*:*:*:*:*:*:*", "matchCriteriaId": "FCE65AC5-C218-456F-86FB-1C8BEC3C4598", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc20:*:*:*:*:*:*:*", "matchCriteriaId": "1412133F-3B44-43B6-A4FF-FF80E7B564E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc21:*:*:*:*:*:*:*", "matchCriteriaId": "B55EE355-28A1-4955-9ADD-A8E02376C9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test1:*:*:*:*:*:*:*", "matchCriteriaId": "E942C13E-6B54-465F-8026-ED49BD7EA2F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test2:*:*:*:*:*:*:*", "matchCriteriaId": "AADF30CF-AD36-45EB-AF50-EB0533B20B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test3:*:*:*:*:*:*:*", "matchCriteriaId": 
"AD078F82-361C-4B38-86E8-85E129F41A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test5:*:*:*:*:*:*:*", "matchCriteriaId": "F9831C92-7717-4650-8689-3C41B773C5CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test6:*:*:*:*:*:*:*", "matchCriteriaId": "2B3521E7-572E-4ADD-AAF6-F1AE505B4BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test7:*:*:*:*:*:*:*", "matchCriteriaId": "F73290B2-384B-4B0F-8763-EF4D5D7C39FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test8:*:*:*:*:*:*:*", "matchCriteriaId": "4728B3CD-5B54-4B0B-8967-DE7D9E1474F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test9:*:*:*:*:*:*:*", "matchCriteriaId": "F353B495-D69A-4831-9E5B-F15F8F749C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test10:*:*:*:*:*:*:*", "matchCriteriaId": "16647409-3ADD-4E86-A053-4A7B8365700E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test11:*:*:*:*:*:*:*", "matchCriteriaId": "1E5CA9F6-68FE-4412-8CD5-F85E970249F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test12:*:*:*:*:*:*:*", "matchCriteriaId": "74A74354-1EAB-4A4F-A79C-C04E9BCDF594", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test14:*:*:*:*:*:*:*", "matchCriteriaId": "03A016A3-CAA9-4FCB-B909-F4163CE1E19E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test15:*:*:*:*:*:*:*", "matchCriteriaId": "82A53B7C-8E9D-4DD6-8B00-628F7796A365", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test16:*:*:*:*:*:*:*", "matchCriteriaId": "3D5AADA5-05DA-4660-9636-A3B737916A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test17:*:*:*:*:*:*:*", "matchCriteriaId": "2778FEDE-063B-4454-9FA7-F526334CF9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test18:*:*:*:*:*:*:*", "matchCriteriaId": "989D471D-3F81-4018-A124-7FBEB3F4AB87", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test19:*:*:*:*:*:*:*", "matchCriteriaId": "D4EA97AE-B2DD-40F8-81E1-467E895CE736", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test20:*:*:*:*:*:*:*", "matchCriteriaId": "F0C82A6A-4548-4508-B337-1061E57D78AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test21:*:*:*:*:*:*:*", "matchCriteriaId": "36A972BC-6956-4195-933C-F3694BFEFB50", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test22:*:*:*:*:*:*:*", "matchCriteriaId": "E9EF5187-C008-4927-B5CB-A491768E9822", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test23:*:*:*:*:*:*:*", "matchCriteriaId": "B4A39ECE-7C8D-4BB8-A408-08EA0879F03F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test24:*:*:*:*:*:*:*", "matchCriteriaId": "6C67474C-3274-4F62-AF98-6953F9744522", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test26:*:*:*:*:*:*:*", "matchCriteriaId": "D799CAF5-BFC3-4A80-8AE2-D292B7F9D9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test27:*:*:*:*:*:*:*", "matchCriteriaId": "98D3B905-FCD7-4136-A94C-76A95994CD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test29:*:*:*:*:*:*:*", "matchCriteriaId": "1AE172A1-D9A5-4FF7-B316-4E0BD639B35D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B42CB75B-355B-4D80-91EA-77723B275D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E5EFEC7-D9B6-454A-A36A-C75874564FCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception 
handler." } ], "id": "CVE-2005-3409", "lastModified": "2024-11-21T00:01:50.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-02T00:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://openvpn.net/changelog.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17376" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17447" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17452" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17480" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-885" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20416" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/415487" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openvpn.net/changelog.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17447" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/415487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15270" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-11 01:15
Modified
2024-11-21 08:29
Severity ?
Summary
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn | * | |
openvpn | openvpn_access_server | * | |
openvpn | openvpn_access_server | 2.12.0 | |
openvpn | openvpn_access_server | 2.12.1 | |
debian | debian_linux | 12.0 | |
fedoraproject | fedora | 39 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", "matchCriteriaId": "3A398A7A-395F-4CA8-9D72-1DDD337D5074", "versionEndIncluding": "2.6.6", "versionStartIncluding": "2.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "54464223-5988-40E7-B94B-D7B8DE999704", "versionEndIncluding": "2.11.3", "versionStartIncluding": "2.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8A71564-0966-47F0-BB81-B6BFA071E402", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC187755-A908-4CD5-8F35-869EA5D9A3B7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service." }, { "lang": "es", "value": "El uso de la opci\u00f3n --fragment en ciertas configuraciones de OpenVPN versi\u00f3n 2.6.0 a 2.6.6 permite a un atacante desencadenar un comportamiento de divisi\u00f3n por cero que podr\u00eda provocar un bloqueo de la aplicaci\u00f3n y provocar una denegaci\u00f3n de servicio." 
} ], "id": "CVE-2023-46849", "lastModified": "2024-11-21T08:29:25.337", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-11T01:15:07.270", "references": [ { "source": "security@openvpn.net", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849" }, { "source": "security@openvpn.net", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/" }, { "source": "security@openvpn.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/" }, { "source": "security@openvpn.net", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/" }, { "source": "security@openvpn.net", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2023/dsa-5555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2023/dsa-5555" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-06 16:15
Modified
2024-11-21 07:08
Severity ?
Summary
The OpenVPN Access Server installer creates a log file readable by everyone; in versions from 2.10.0 up to (but not including) 2.11.0, this file may contain a randomly generated admin password.
References
▼ | URL | Tags | |
---|---|---|---|
security@openvpn.net | https://openvpn.net/vpn-server-resources/release-notes/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/vpn-server-resources/release-notes/ | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E9240D0-8D69-4A89-A3AC-C3CE7040ACDE", "versionEndExcluding": "2.11.0", "versionStartIncluding": "2.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password" }, { "lang": "es", "value": "El instalador de OpenVPN Access Server crea un archivo de registro legible para todo el mundo, que a partir de la versi\u00f3n 2.10.0 y versiones anteriores a 2.11.0, puede contener una contrase\u00f1a de administrador generada aleatoriamente" } ], "id": "CVE-2022-33737", "lastModified": "2024-11-21T07:08:26.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-06T16:15:08.453", 
"references": [ { "source": "security@openvpn.net", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-708" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-06 20:15
Modified
2024-11-21 06:37
Severity ?
Summary
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.
References
▼ | URL | Tags | |
---|---|---|---|
security@openvpn.net | https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0 | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F315C5F8-CF55-4561-87FA-09A49636FDCB", "versionEndExcluding": "2.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack." }, { "lang": "es", "value": "OpenVPN Access Server versiones 2.10 y versiones anteriores, son susceptibles de reenviar m\u00faltiples paquetes en respuesta a un paquete de reinicio enviado desde el cliente al que \u00e9ste no responde de nuevo, resultando en un ataque de amplificaci\u00f3n limitada" } ], "id": "CVE-2021-4234", "lastModified": "2024-11-21T06:37:12.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" 
} ] }, "published": "2022-07-06T20:15:08.127", "references": [ { "source": "security@openvpn.net", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-406" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-11 01:15
Modified
2024-11-21 08:29
Severity ?
Summary
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behaviour, leaking memory buffers or remote execution when sending network buffers to a remote peer.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn | * | |
openvpn | openvpn_access_server | * | |
openvpn | openvpn_access_server | * | |
debian | debian_linux | 12.0 | |
fedoraproject | fedora | 39 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*", "matchCriteriaId": "3A398A7A-395F-4CA8-9D72-1DDD337D5074", "versionEndIncluding": "2.6.6", "versionStartIncluding": "2.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "54464223-5988-40E7-B94B-D7B8DE999704", "versionEndIncluding": "2.11.3", "versionStartIncluding": "2.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B8D0B4E-A0BF-4A33-9031-987D8BD45F65", "versionEndExcluding": "2.12.2", "versionStartIncluding": "2.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer." }, { "lang": "es", "value": "Use after free en OpenVPN versi\u00f3n 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, p\u00e9rdida de b\u00faferes de memoria o ejecuci\u00f3n remota al enviar b\u00faferes de red a un par remoto." 
} ], "id": "CVE-2023-46850", "lastModified": "2024-11-21T08:29:25.480", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-11T01:15:07.357", "references": [ { "source": "security@openvpn.net", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850" }, { "source": "security@openvpn.net", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/" }, { "source": "security@openvpn.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/" }, { "source": "security@openvpn.net", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/" }, { "source": "security@openvpn.net", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2023/dsa-5555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2023/dsa-5555" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-13 14:55
Modified
2024-11-21 01:52
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5DDB0E3-20AF-45B1-A91E-14CD795F4D11", "versionEndIncluding": "1.8.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en la interfaz Admin web en OpenVPN Access Server anterior a 1.8.5 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que crean usuarios administrativos." } ], "id": "CVE-2013-2692", "lastModified": "2024-11-21T01:52:10.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-13T14:55:09.000", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/93111" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/93111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52802" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-13 04:15
Modified
2024-11-21 05:39
Severity ?
Summary
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://openvpn.net/security-advisories/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/security-advisories/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F62245FE-36BD-41E1-9BDB-37C30B643E6D", "versionEndExcluding": "2.8.1", "versionStartIncluding": "2.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication)." }, { "lang": "es", "value": "OpenVPN Access Server versiones 2.8.x anteriores a 2.8.1, permite una omisi\u00f3n de autenticaci\u00f3n LDAP (excepto cuando un usuario est\u00e1 inscrito en autenticaci\u00f3n de dos factores)." } ], "id": "CVE-2020-8953", "lastModified": "2024-11-21T05:39:44.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-13T04:15:11.857", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://openvpn.net/security-advisories/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisories/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-05 19:02
Modified
2024-11-21 00:10
Severity ?
Summary
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6457C946-123B-4B85-9253-D284A7A16A61", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8D0ECEAF-401A-434E-9B0A-1A234BAEFC4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "E751FA0E-0DF4-4F81-912A-1A132640246D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43F61AC6-EDF6-4818-BA51-3EAA299680B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "D32984D8-9631-407B-834E-303B9405A425", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "CB44A872-3FE2-47E9-BA84-B6E1015E1973", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "F020080D-7181-400D-988E-6844D1653464", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.1_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "86D08038-9815-4222-9CD3-1211FE5954A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.2_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "CE43EA96-5B3C-498F-A040-C800821DA49B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "236F2BBF-0CF5-465E-9E65-8AD6D17F57A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8DF6B1F4-6313-4BF4-AD87-431A1C9D40C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0.6_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "EA031086-95E4-4447-A06B-3B2926E3265F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta1:*:*:*:*:*:*:*", "matchCriteriaId": "2BDEBEDA-437A-4942-8A71-7B25DD558BCA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:openvpn:openvpn:2.0_beta2:*:*:*:*:*:*:*", "matchCriteriaId": "0EB8A78E-DAB9-4A72-BC54-58230E1E9B9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta3:*:*:*:*:*:*:*", "matchCriteriaId": "D5D74ED1-34C5-4F95-A941-83664AFFF2ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta4:*:*:*:*:*:*:*", "matchCriteriaId": "0747C1A9-C404-4FBD-AA8F-9DBB70FEB4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "5A3B1AD4-9EA0-4D86-90E1-3366FBC5629D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "8E483BD0-CAB9-4DA0-AAA4-A934B8318FB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta7:*:*:*:*:*:*:*", "matchCriteriaId": "6F04FAB1-A558-4F93-9FBF-043DE259A813", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta8:*:*:*:*:*:*:*", "matchCriteriaId": "A189A733-3130-41B4-94DD-E99E294D0FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta9:*:*:*:*:*:*:*", "matchCriteriaId": "7DEE5695-DC49-445D-864A-4739E16DF762", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta10:*:*:*:*:*:*:*", "matchCriteriaId": "6FBF146F-2CFA-4F14-BFBC-E01B58F9F72B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta11:*:*:*:*:*:*:*", "matchCriteriaId": "E5D263CA-8B2C-4B66-8990-6224BAF52A8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta12:*:*:*:*:*:*:*", "matchCriteriaId": "825C9FCE-AD76-4E32-8FEC-EEFA0662BC04", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta13:*:*:*:*:*:*:*", "matchCriteriaId": "2C7519FA-831A-41D7-AFC3-B9457E6DFB4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta15:*:*:*:*:*:*:*", "matchCriteriaId": "DFB79AFD-493F-41F1-9EC1-8BCC0D28A914", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta16:*:*:*:*:*:*:*", 
"matchCriteriaId": "2C8F091B-194A-4FC5-87F4-A76CB490F3F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta17:*:*:*:*:*:*:*", "matchCriteriaId": "11716B49-A920-4A1B-BEA5-4105213B9731", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta18:*:*:*:*:*:*:*", "matchCriteriaId": "756A7AF5-E502-4EDC-9693-4041C993E3BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta19:*:*:*:*:*:*:*", "matchCriteriaId": "9885BC3E-1854-4561-9906-FFAEECA5B6FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta20:*:*:*:*:*:*:*", "matchCriteriaId": "D7B7759F-F228-436D-BC86-7317B0109C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_beta28:*:*:*:*:*:*:*", "matchCriteriaId": "ADB9BD19-1BF9-42D0-9E43-7D95EE010347", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "7F0A6E23-6456-4305-A7DA-8CA1D506D4F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "D985B9F0-5B4F-4120-8ECF-506C5F6179FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "CF7E6096-58BF-47F1-982B-27A9ED735AEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "62362541-FE20-47ED-9E03-94216A3D43CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "C0BD7019-BBA5-4D08-85C8-571D2EC03FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc6:*:*:*:*:*:*:*", "matchCriteriaId": "0D1D56A4-A03C-445C-993B-1AA12024D4FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc7:*:*:*:*:*:*:*", "matchCriteriaId": "F563B1FD-FC1F-4304-8141-A1188A190835", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc8:*:*:*:*:*:*:*", "matchCriteriaId": "4269ED1A-3031-4572-B134-62C6E533D176", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc9:*:*:*:*:*:*:*", "matchCriteriaId": "140999A7-E9BB-4459-B3F8-48DF8F5DFE0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc10:*:*:*:*:*:*:*", "matchCriteriaId": "41CD75B0-24D0-40BA-A4FB-925BD5414298", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc11:*:*:*:*:*:*:*", "matchCriteriaId": "DED8F3C5-8E43-4B07-8224-38BF4774F4CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc12:*:*:*:*:*:*:*", "matchCriteriaId": "3EC88614-E782-447B-B854-955498FAAA13", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc13:*:*:*:*:*:*:*", "matchCriteriaId": "D2C1B8EE-3C12-452F-986E-6FD8A230685A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc14:*:*:*:*:*:*:*", "matchCriteriaId": "E5AC6851-F63E-47D7-BDEF-3BFF39E94D9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc15:*:*:*:*:*:*:*", "matchCriteriaId": "685F5555-793D-4FAA-8CF4-578490CFAC6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc16:*:*:*:*:*:*:*", "matchCriteriaId": "E688CF0C-134B-49E2-AEB3-45ECACB8B5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc17:*:*:*:*:*:*:*", "matchCriteriaId": "1D385327-D1FF-4A22-A0C0-0C5AA53590C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc18:*:*:*:*:*:*:*", "matchCriteriaId": "51329755-1DBF-40E1-960C-E924CDC4B22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc19:*:*:*:*:*:*:*", "matchCriteriaId": "FCE65AC5-C218-456F-86FB-1C8BEC3C4598", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc20:*:*:*:*:*:*:*", "matchCriteriaId": "1412133F-3B44-43B6-A4FF-FF80E7B564E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_rc21:*:*:*:*:*:*:*", "matchCriteriaId": "B55EE355-28A1-4955-9ADD-A8E02376C9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test1:*:*:*:*:*:*:*", "matchCriteriaId": 
"E942C13E-6B54-465F-8026-ED49BD7EA2F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test2:*:*:*:*:*:*:*", "matchCriteriaId": "AADF30CF-AD36-45EB-AF50-EB0533B20B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test3:*:*:*:*:*:*:*", "matchCriteriaId": "AD078F82-361C-4B38-86E8-85E129F41A36", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test4:*:*:*:*:*:*:*", "matchCriteriaId": "09ADBC1B-7835-4D63-AA86-EF056E008F35", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test5:*:*:*:*:*:*:*", "matchCriteriaId": "F9831C92-7717-4650-8689-3C41B773C5CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test6:*:*:*:*:*:*:*", "matchCriteriaId": "2B3521E7-572E-4ADD-AAF6-F1AE505B4BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test7:*:*:*:*:*:*:*", "matchCriteriaId": "F73290B2-384B-4B0F-8763-EF4D5D7C39FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test8:*:*:*:*:*:*:*", "matchCriteriaId": "4728B3CD-5B54-4B0B-8967-DE7D9E1474F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test9:*:*:*:*:*:*:*", "matchCriteriaId": "F353B495-D69A-4831-9E5B-F15F8F749C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test10:*:*:*:*:*:*:*", "matchCriteriaId": "16647409-3ADD-4E86-A053-4A7B8365700E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test11:*:*:*:*:*:*:*", "matchCriteriaId": "1E5CA9F6-68FE-4412-8CD5-F85E970249F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test12:*:*:*:*:*:*:*", "matchCriteriaId": "74A74354-1EAB-4A4F-A79C-C04E9BCDF594", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test14:*:*:*:*:*:*:*", "matchCriteriaId": "03A016A3-CAA9-4FCB-B909-F4163CE1E19E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test15:*:*:*:*:*:*:*", "matchCriteriaId": "82A53B7C-8E9D-4DD6-8B00-628F7796A365", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test16:*:*:*:*:*:*:*", "matchCriteriaId": "3D5AADA5-05DA-4660-9636-A3B737916A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test17:*:*:*:*:*:*:*", "matchCriteriaId": "2778FEDE-063B-4454-9FA7-F526334CF9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test18:*:*:*:*:*:*:*", "matchCriteriaId": "989D471D-3F81-4018-A124-7FBEB3F4AB87", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test19:*:*:*:*:*:*:*", "matchCriteriaId": "D4EA97AE-B2DD-40F8-81E1-467E895CE736", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test20:*:*:*:*:*:*:*", "matchCriteriaId": "F0C82A6A-4548-4508-B337-1061E57D78AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test21:*:*:*:*:*:*:*", "matchCriteriaId": "36A972BC-6956-4195-933C-F3694BFEFB50", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test22:*:*:*:*:*:*:*", "matchCriteriaId": "E9EF5187-C008-4927-B5CB-A491768E9822", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test23:*:*:*:*:*:*:*", "matchCriteriaId": "B4A39ECE-7C8D-4BB8-A408-08EA0879F03F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test24:*:*:*:*:*:*:*", "matchCriteriaId": "6C67474C-3274-4F62-AF98-6953F9744522", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test25:*:*:*:*:*:*:*", "matchCriteriaId": "5196B669-CF0F-4FED-9EAF-72F335436BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test26:*:*:*:*:*:*:*", "matchCriteriaId": "D799CAF5-BFC3-4A80-8AE2-D292B7F9D9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test27:*:*:*:*:*:*:*", "matchCriteriaId": "98D3B905-FCD7-4136-A94C-76A95994CD85", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.0_test29:*:*:*:*:*:*:*", "matchCriteriaId": "1AE172A1-D9A5-4FF7-B316-4E0BD639B35D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B42CB75B-355B-4D80-91EA-77723B275D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E5EFEC7-D9B6-454A-A36A-C75874564FCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4ED93D78-3BA8-43DB-B5AF-D2D3941C9DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C2B16482-8058-46A8-9D56-DB73BFE32A1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F105F380-57BF-44BD-B31D-9D36DF9210A5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service." 
} ], "id": "CVE-2006-2229", "lastModified": "2024-11-21T00:10:50.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-05T19:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://openvpn.net/man.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25660" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432863/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432867/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433000/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openvpn.net/man.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432863/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432867/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433000/100/0/threaded" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:20
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnect established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "04EA4696-D31F-4C00-BDBB-017FCFB2C96D", "versionEndIncluding": "1.5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en la API XML-RPC en Desktop Client en OpenVPN Access Server 1.5.6 y anteriores permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que (1) desconectan sesiones VPN establecidas, (2) conectan con servidores VPN arbitrarios, o (3) crean perfiles VPN y ejecutan comandos arbitrarios a trav\u00e9s de solicitudes de la API manipuladas." 
} ], "id": "CVE-2014-9104", "lastModified": "2024-11-21T02:20:13.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-26T15:59:19.920", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://openvpn.net/index.php/access-server/security-advisories.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Jul/76" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532795/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.youtube.com/watch?v=qhgysgfvQh8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://openvpn.net/index.php/access-server/security-advisories.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Jul/76" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/532795/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-1_OpenVPN_Access_Server_Desktop_Client_Remote_Code_Execution_via_CSRF_v10.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.youtube.com/watch?v=qhgysgfvQh8" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-04 11:15
Modified
2024-11-21 05:04
Severity ?
Summary
OpenVPN Access Server 2.8.7 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can potentially be used to trigger further information leaks.
References
▼ | URL | Tags | |
---|---|---|---|
security@openvpn.net | https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/ | Vendor Advisory | |
security@openvpn.net | https://openvpn.net/vpn-server-resources/release-notes/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/vpn-server-resources/release-notes/ | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFB7CAB1-ECA3-4F8F-9DFD-048BD7ABE8E0", "versionEndIncluding": "2.8.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks." }, { "lang": "es", "value": "OpenVPN Access Server versiones 2.8.7 y anteriores, permiten a atacantes remotos omitir la autenticaci\u00f3n y los datos del canal de control de acceso en servidores configurados con autenticaci\u00f3n diferida, que puede ser usado para desencadenar potencialmente nuevos filtrados de informaci\u00f3n" } ], "id": "CVE-2020-15077", "lastModified": "2024-11-21T05:04:45.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, 
"impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-04T11:15:07.697", "references": [ { "source": "security@openvpn.net", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/" }, { "source": "security@openvpn.net", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/" } ], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-305" } ], "source": "security@openvpn.net", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-18 02:55
Modified
2024-11-21 01:50
Severity ?
Summary
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn | * | |
openvpn | openvpn | 1.2.0 | |
openvpn | openvpn | 1.2.1 | |
openvpn | openvpn | 1.3.0 | |
openvpn | openvpn | 1.3.1 | |
openvpn | openvpn | 1.3.2 | |
openvpn | openvpn | 1.4.0 | |
openvpn | openvpn | 1.4.1 | |
openvpn | openvpn | 1.4.2 | |
openvpn | openvpn | 1.4.3 | |
openvpn | openvpn | 1.5.0 | |
openvpn | openvpn | 1.6.0 | |
openvpn | openvpn | 2.1.0 | |
openvpn | openvpn | 2.2.0 | |
openvpn | openvpn_access_server | 2.0.0 | |
opensuse | opensuse | 11.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC35891F-BC4F-4DBB-8879-4952685D419E", "versionEndIncluding": "2.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "912E57A3-A4D0-4736-858F-51A500E886B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "13960B6E-F1E8-49E5-88A0-ECCC938AC4DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "862743EA-7B6E-4478-AD90-1F930E97BB2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "79114721-FA19-43FF-8030-74652FCF937B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A3AF5D2-21CC-4243-A2A4-99273B7AD9D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B693F0CA-7A3A-42CA-A6BE-62D840CE336C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "345C3123-7E73-4094-8764-8BF881B6ABE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F00F2FF1-9CC2-446B-9468-1FB7D40371E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB625AC3-B428-44BB-99F4-F0FE00DA1C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C25DDCBB-798B-43BF-88FF-2EDB57BEA01F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3F6FE9B-62E0-47E3-A977-DA51249A353B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "88C2922E-6E95-45BF-ABF1-B1D799769DB5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:openvpn:openvpn:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D915A07-3B93-4D7C-8D52-73B696392B46", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "486CD3E2-1B1A-4A1D-98ED-0E2EEAB0A0CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher." }, { "lang": "es", "value": "La funci\u00f3n openvpn_decrypt en el archivo crypto.c en OpenVPN versiones 2.3.0 y anteriores, cuando se ejecuta en modo UDP, permite a los atacantes remotos obtener informaci\u00f3n confidencial por medio de un ataque de sincronizaci\u00f3n que implica una funci\u00f3n de comparaci\u00f3n HMAC que no se ejecuta en tiempo constante y un ataque de tipo padding oracle en el cifrado en modo CBC." 
} ], "id": "CVE-2013-2061", "lastModified": "2024-11-21T01:50:57.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-18T02:55:07.530", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:167" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/06/6" }, { "source": "secalert@redhat.com", "url": "https://bugs.gentoo.org/show_bug.cgi?id=468756" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=960192" }, { "source": "secalert@redhat.com", "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/05/06/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=468756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=960192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-04 14:15
Modified
2024-11-21 04:57
Severity ?
Summary
An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full-featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC-based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283 | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openvpn | openvpn_access_server | * | |
openvpn | openvpn_access_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "4368EC50-E4DA-42CB-8476-CF4B37DA082C", "versionEndExcluding": "2.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "83828BAF-83AD-448E-A2B5-EF1598429DC2", "versionEndIncluding": "2.8.3", "versionStartIncluding": "2.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE) payload to the XMLRPC based RPC2 interface. The duration of the DoS state depends on available memory and CPU speed. The default restricted mode of the RPC2 interface is NOT vulnerable." }, { "lang": "es", "value": "Se ha descubierto un problema en OpenVPN Access Server versiones anteriores a la versi\u00f3n 2.7.0 y versiones 2.8.x anteriores a la versi\u00f3n 2.8.3. Con la interfaz RPC2 con todas las funcionalidades activadas, es posible conseguir un estado DoS temporal de la interfaz de administraci\u00f3n cuando se env\u00eda una carga \u00fatil XML Entity Expansion (XEE) hacia la interfaz RPC2 basada en XMLRPC. La duraci\u00f3n del estado DoS depende de la memoria disponible y de la velocidad de una CPU. El modo restringido por defecto de la interfaz RPC2 NO es vulnerable." 
} ], "id": "CVE-2020-11462", "lastModified": "2024-11-21T04:57:57.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-04T14:15:13.183", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://openvpn.net/vpn-server-resources/release-notes/#Release_notes_for_OpenVPN_Access_Server_283" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-776" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }