Closed mend-for-github-com[bot] closed 1 year ago
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #65
Vulnerable Library - openvpnv2.4.11
OpenVPN is an open source VPN daemon
Library home page: https://github.com/OpenVPN/openvpn.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerable Source Files (1)
Vulnerabilities
Details
CVE-2022-0547
### Vulnerable Library - openvpnv2.4.11
OpenVPN is an open source VPN daemon
Library home page: https://github.com/OpenVPN/openvpn.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (1)
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Publish Date: 2022-03-18
URL: CVE-2022-0547
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0547
Release Date: 2022-03-18
Fix Resolution: v2.4.12, v2.5.6
CVE-2021-3606
### Vulnerable Library - openvpnv2.4.11
OpenVPN is an open source VPN daemon
Library home page: https://github.com/OpenVPN/openvpn.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (1)
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
Publish Date: 2021-07-02
URL: CVE-2021-3606
### CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3606
Release Date: 2021-07-02
Fix Resolution: v2.5.3
CVE-2020-15078
### Vulnerable Libraries - openvpnv2.4.11, openvpnv2.4.11
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Publish Date: 2021-04-26
URL: CVE-2020-15078
### CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-15078
Release Date: 2021-04-26
Fix Resolution: openvpn - 2.5.1-2,2.5.1-2,2.4.7-1+deb10u1