Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2018-7544
HistoryMar 16, 2018 - 3:29 p.m.

CVE-2018-7544

2018-03-1615:29:00
Debian Security Bug Tracker
security-tracker.debian.org
15

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

71.0%

JSON

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a “signal SIGTERM” command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning

Related

cve 1
cvelist 1
ubuntucve 1
prion 1
nvd 1
nessus 4
openvas 4
suse 1
cve
cve
CVE-2018-7544
2018-03-16 15:29:00
cvelist
cvelist
CVE-2018-7544
2018-03-16 15:00:00
ubuntucve
ubuntucve
CVE-2018-7544
2018-03-16 00:00:00
prion
prion
Input validation
2018-03-16 15:29:00
nvd
nvd
CVE-2018-7544
2018-03-16 15:29:00
nessus
nessus
SUSE SLES11 Security Update : openvpn-openssl1 (SUSE-SU-2021:14723-1)
2021-06-10 00:00:00
SUSE SLES12 Security Update : openvpn (SUSE-SU-2021:1576-1)
2021-05-13 00:00:00
openSUSE Security Update : openvpn (openSUSE-2021-734)
2021-05-18 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:1576-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:14723-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1577-1)
2021-06-09 00:00:00
suse
suse
Security update for openvpn (moderate)
2021-05-15 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

71.0%

JSON
Related for DEBIANCVE:CVE-2018-7544
cve1cvelist1ubuntucve1prion1nvd1nessus4openvas4suse1