CPE-F8916E9E-7920-4F69-BC61-50D8A3B7C98E Detail

CPE Details

OpenVPN 2.3.17

Vendor

openvpn

Product

openvpn

Version

2.3.17

Created

2019-10-31
16h20 +00:00

Modified

2023-11-27
19h07 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:openvpn:openvpn:2.3.17:::::::*

Informations

Vendor

openvpn

Product

openvpn

Version

2.3.17

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2020-20813	2023-08-21 22h00 +00:00	Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.	7.5	High
CVE-2022-0547	2022-03-18 17h00 +00:00	OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.	9.8	Critical
CVE-2021-3606	2021-07-02 10h30 +00:00	OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).	7.8	High
CVE-2020-15078	2021-04-26 11h19 +00:00	OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.	7.5	High
CVE-2018-7544	2018-03-16 14h00 +00:00	A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning	9.1	Critical
CVE-2017-12166	2017-10-03 17h00 +00:00	OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.	9.8	Critical

OpenVPN 2.3.17

CPE Details

CPE Name: cpe:2.3:a:openvpn:openvpn:2.3.17:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:openvpn:openvpn:2.3.17:::::::*