CVE-2022-3761

2023-10-1712:10:36

CWE-295

OpenVPN

www.cve.org

openvpn connect

vulnerability

user credentials

interception

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials

CNA Affected

[
  {
    "vendor": "OpenVPN Inc",
    "product": "OpenVPN Connect",
    "platforms": [
      "Windows",
      "MacOS"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "until 3.4.0.4506",
        "lessThan": "3.4.0.4506",
        "versionType": "macOS"
      },
      {
        "status": "affected",
        "version": "until 3.4.0.3100",
        "lessThan": "3.4.0.3100",
        "versionType": "Windows"
      }
    ],
    "defaultStatus": "affected"
  }
]