This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Openvpn First view 2005-08-24
Product Openvpn Last view 2022-03-18
Version 2.0_test22 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:openvpn:openvpn

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2022-03-18 CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

7.8 2021-07-02 CVE-2021-3606

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).

7.5 2021-04-26 CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

3.7 2020-04-27 CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.

7.8 2018-05-01 CVE-2018-9336

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.

9.1 2018-03-16 CVE-2018-7544

** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.

9.8 2017-10-03 CVE-2017-12166

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

6.5 2017-06-27 CVE-2017-7522

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

5.9 2017-06-27 CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().

7.4 2017-06-27 CVE-2017-7520

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.

7.5 2017-06-27 CVE-2017-7508

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.

6.5 2017-05-15 CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

5.9 2017-01-31 CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

6.8 2014-12-03 CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

2.6 2013-11-17 CVE-2013-2061

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

4 2006-05-05 CVE-2006-2229

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.

5 2005-11-01 CVE-2005-3409

OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.

2.6 2005-08-24 CVE-2005-2534

Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.

2.1 2005-08-24 CVE-2005-2533

OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.

5 2005-08-24 CVE-2005-2532

OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.

5 2005-08-24 CVE-2005-2531

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.

CWE : Common Weakness Enumeration

%idName
11% (2) CWE-617 Reachable Assertion
11% (2) CWE-415 Double Free
11% (2) CWE-200 Information Exposure
5% (1) CWE-787 Out-of-bounds Write
5% (1) CWE-772 Missing Release of Resource after Effective Lifetime
5% (1) CWE-476 NULL Pointer Dereference
5% (1) CWE-427 Uncontrolled Search Path Element
5% (1) CWE-399 Resource Management Errors
5% (1) CWE-362 Race Condition
5% (1) CWE-310 Cryptographic Issues
5% (1) CWE-306 Missing Authentication for Critical Function
5% (1) CWE-287 Improper Authentication
5% (1) CWE-134 Uncontrolled Format String
5% (1) CWE-125 Out-of-bounds Read

Open Source Vulnerability Database (OSVDB)

id Description
25660 OpenVPN --management Option Cleartext Password Disclosure
20416 OpenVPN TCP Mode accept() Function Failure NULL Dereference DoS
18885 OpenVPN Client Connection Saturation Duplicate Certificate DoS
18884 OpenVPN Client Spoofed MAC Address Saturation DoS
18883 OpenVPN OpenSSL Error Queue Crafted Packet DoS
18882 OpenVPN OpenSSL Error Queue Arbitrary Disconnect DoS

OpenVAS Exploits

id Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200511-07 (OpenVPN)
File : nvt/glsa_200511_07.nasl
2008-09-04 Name : FreeBSD Ports: openvpn
File : nvt/freebsd_openvpn.nasl
2008-09-04 Name : FreeBSD Ports: openvpn
File : nvt/freebsd_openvpn0.nasl
2008-09-04 Name : FreeBSD Ports: openvpn
File : nvt/freebsd_openvpn1.nasl
2008-09-04 Name : FreeBSD Ports: openvpn
File : nvt/freebsd_openvpn2.nasl
2008-09-04 Name : FreeBSD Ports: openvpn
File : nvt/freebsd_openvpn3.nasl
2008-01-17 Name : Debian Security Advisory DSA 851-1 (openvpn)
File : nvt/deb_851_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 885-1 (openvpn)
File : nvt/deb_885_1.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-27 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-116-01.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5882331351.nasl - Type: ACT_GATHER_INFO
2017-11-06 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-920.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1202.nasl - Type: ACT_GATHER_INFO
2017-10-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2839-1.nasl - Type: ACT_GATHER_INFO
2017-10-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2838-1.nasl - Type: ACT_GATHER_INFO
2017-10-06 Name: An application on the remote host is affected by a bufferoverflow vulnerability.
File: openvpn_2_3_18_and_2_4_4_win.nasl - Type: ACT_GATHER_INFO
2017-10-03 Name: The remote Fedora host is missing a security update.
File: fedora_2017-700915e34f.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_3dd6ccf4a3c611e7a52e0800279f2ff8.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f8a114cd09.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-89d98779ec.nasl - Type: ACT_GATHER_INFO
2017-07-06 Name: The remote Debian host is missing a security update.
File: debian_DLA-1014.nasl - Type: ACT_GATHER_INFO
2017-07-03 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5596f2f94d.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-730.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-717.nasl - Type: ACT_GATHER_INFO
2017-06-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3900.nasl - Type: ACT_GATHER_INFO
2017-06-28 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-852.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The remote Fedora host is missing a security update.
File: fedora_2017-0639fb1490.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3339-1.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-999.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1642-1.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1635-1.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_9f65d38256a411e783e3080027ef73ec.nasl - Type: ACT_GATHER_INFO
2017-06-22 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-172-01.nasl - Type: ACT_GATHER_INFO
2017-06-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1622-1.nasl - Type: ACT_GATHER_INFO