This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Openvpn First view 2008-08-04
Product Openvpn Last view 2022-03-18
Version 2.1 Type Application
Update rc_2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:openvpn:openvpn

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2022-03-18 CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

7.8 2021-07-02 CVE-2021-3606

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).

7.5 2021-04-26 CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

3.7 2020-04-27 CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.

7.8 2018-05-01 CVE-2018-9336

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.

9.1 2018-03-16 CVE-2018-7544

** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.

9.8 2017-10-03 CVE-2017-12166

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

6.5 2017-06-27 CVE-2017-7522

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

5.9 2017-06-27 CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

7.4 2017-06-27 CVE-2017-7520

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

7.5 2017-06-27 CVE-2017-7508

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

6.5 2017-05-15 CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

5.9 2017-01-31 CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

6.8 2014-12-03 CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

2.6 2013-11-17 CVE-2013-2061

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

7.6 2008-08-04 CVE-2008-3459

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.

CWE : Common Weakness Enumeration

%idName
11% (2) CWE-617 Reachable Assertion
11% (2) CWE-415 Double Free
11% (2) CWE-200 Information Exposure
5% (1) CWE-787 Out-of-bounds Write
5% (1) CWE-772 Missing Release of Resource after Effective Lifetime
5% (1) CWE-476 NULL Pointer Dereference
5% (1) CWE-427 Uncontrolled Search Path Element
5% (1) CWE-399 Resource Management Errors
5% (1) CWE-362 Race Condition
5% (1) CWE-310 Cryptographic Issues
5% (1) CWE-306 Missing Authentication for Critical Function
5% (1) CWE-287 Improper Authentication
5% (1) CWE-134 Uncontrolled Format String
5% (1) CWE-125 Out-of-bounds Read
5% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
48481 OpenVPN Multiple Crafted Configuration Directive Unspecified Arbitrary Remote...

OpenVAS Exploits

id Description
2008-09-04 Name : FreeBSD Ports: openvpn-devel
File : nvt/freebsd_openvpn-devel.nasl
2008-08-22 Name : OpenVPN Client Remote Code Execution Vulnerability
File : nvt/secpod_openvpn_client_code_exec_vuln_900024.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-27 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-116-01.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5882331351.nasl - Type: ACT_GATHER_INFO
2017-11-06 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-920.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1202.nasl - Type: ACT_GATHER_INFO
2017-10-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2839-1.nasl - Type: ACT_GATHER_INFO
2017-10-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2838-1.nasl - Type: ACT_GATHER_INFO
2017-10-06 Name: An application on the remote host is affected by a bufferoverflow vulnerability.
File: openvpn_2_3_18_and_2_4_4_win.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Fedora host is missing a security update.
File: fedora_2017-700915e34f.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_3dd6ccf4a3c611e7a52e0800279f2ff8.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f8a114cd09.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-89d98779ec.nasl - Type: ACT_GATHER_INFO
2017-07-06 Name: The remote Debian host is missing a security update.
File: debian_DLA-1014.nasl - Type: ACT_GATHER_INFO
2017-07-03 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5596f2f94d.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-730.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-717.nasl - Type: ACT_GATHER_INFO
2017-06-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3900.nasl - Type: ACT_GATHER_INFO
2017-06-28 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-852.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The remote Fedora host is missing a security update.
File: fedora_2017-0639fb1490.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3339-1.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-999.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1642-1.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1635-1.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_9f65d38256a411e783e3080027ef73ec.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-172-01.nasl - Type: ACT_GATHER_INFO
2017-06-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1622-1.nasl - Type: ACT_GATHER_INFO