CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
71.0%
DISPUTED A cross-protocol scripting issue was discovered in the
management interface in OpenVPN through 2.4.5. When this interface is
enabled over TCP without a password, and when no other clients are
connected to this interface, attackers can execute arbitrary management
commands, obtain sensitive information, or cause a denial of service
(SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is
demonstrated by a multipart/form-data POST to http://localhost:23000 with a
“signal SIGTERM” command in a TEXTAREA element. NOTE: The vendor disputes
that this is a vulnerability. They state that this is the result of
improper configuration of the OpenVPN instance rather than an intrinsic
vulnerability, and now more explicitly warn against such configurations in
both the management-interface documentation, and with a runtime warning.
Author | Note |
---|---|
mdeslaur | upstream claims this isn’t a security issue, marking as ignored |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
71.0%