Search criteria
7 vulnerabilities found for Access Server by OpenVPN
CVE-2025-50055 (GCVE-0-2025-50055)
Vulnerability from nvd – Published: 2025-10-27 13:39 – Updated: 2025-10-30 18:23
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenVPN | Access Server |
Affected:
2.14.0 , ≤ 2.14.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-50055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T18:23:34.406354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:23:58.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.14.3",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvpn:access_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.14.3",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:39:43.652Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-0"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-50055",
"datePublished": "2025-10-27T13:39:43.652Z",
"dateReserved": "2025-06-11T17:29:58.718Z",
"dateUpdated": "2025-10-30T18:23:58.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46850 (GCVE-0-2023-46850)
Vulnerability from nvd – Published: 2023-11-11 00:15 – Updated: 2025-12-16 18:23
VLAI
Summary
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenVPN | OpenVPN 2 (Community) |
Affected:
2.6.0 , ≤ 2.6.6
(minor release)
|
|
| OpenVPN | Access Server |
Affected:
2.11.0 , ≤ 2.11.3
(patch release)
Affected: 2.12.0 , ≤ 2.12.2 (patch release) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"
},
{
"tags": [
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T14:59:47.646924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:24.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN 2 (Community)",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "2.6.0",
"versionType": "minor release"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.11.3",
"status": "affected",
"version": "2.11.0",
"versionType": "patch release"
},
{
"lessThanOrEqual": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "patch release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T02:06:20.991Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2023-46850",
"datePublished": "2023-11-11T00:15:07.076Z",
"dateReserved": "2023-10-27T13:38:49.496Z",
"dateUpdated": "2025-12-16T18:23:24.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46849 (GCVE-0-2023-46849)
Vulnerability from nvd – Published: 2023-11-11 00:05 – Updated: 2025-06-11 14:30
VLAI
Summary
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-369 - Divide By Zero
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenVPN | OpenVPN 2 (Community) |
Affected:
2.6.0 , ≤ 2.6.6
(minor release)
|
|
| OpenVPN | Access Server |
Affected:
2.11.0 , ≤ 2.11.3
(patch release)
Affected: 2.12.0 , ≤ 2.12.1 (patch release) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"tags": [
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:28:40.866061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:30:02.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN 2 (Community)",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "2.6.0",
"versionType": "minor release"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.11.3",
"status": "affected",
"version": "2.11.0",
"versionType": "patch release"
},
{
"lessThanOrEqual": "2.12.1",
"status": "affected",
"version": "2.12.0",
"versionType": "patch release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T02:06:19.217Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2023-46849",
"datePublished": "2023-11-11T00:05:13.487Z",
"dateReserved": "2023-10-27T13:38:49.496Z",
"dateUpdated": "2025-06-11T14:30:02.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-50055 (GCVE-0-2025-50055)
Vulnerability from cvelistv5 – Published: 2025-10-27 13:39 – Updated: 2025-10-30 18:23
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenVPN | Access Server |
Affected:
2.14.0 , ≤ 2.14.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-50055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T18:23:34.406354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:23:58.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.14.3",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvpn:access_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.14.3",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:39:43.652Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-0"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2025-50055",
"datePublished": "2025-10-27T13:39:43.652Z",
"dateReserved": "2025-06-11T17:29:58.718Z",
"dateUpdated": "2025-10-30T18:23:58.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46850 (GCVE-0-2023-46850)
Vulnerability from cvelistv5 – Published: 2023-11-11 00:15 – Updated: 2025-12-16 18:23
VLAI
Summary
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenVPN | OpenVPN 2 (Community) |
Affected:
2.6.0 , ≤ 2.6.6
(minor release)
|
|
| OpenVPN | Access Server |
Affected:
2.11.0 , ≤ 2.11.3
(patch release)
Affected: 2.12.0 , ≤ 2.12.2 (patch release) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"
},
{
"tags": [
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T14:59:47.646924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:24.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN 2 (Community)",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "2.6.0",
"versionType": "minor release"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.11.3",
"status": "affected",
"version": "2.11.0",
"versionType": "patch release"
},
{
"lessThanOrEqual": "2.12.2",
"status": "affected",
"version": "2.12.0",
"versionType": "patch release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T02:06:20.991Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46850"
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2023-46850",
"datePublished": "2023-11-11T00:15:07.076Z",
"dateReserved": "2023-10-27T13:38:49.496Z",
"dateUpdated": "2025-12-16T18:23:24.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46849 (GCVE-0-2023-46849)
Vulnerability from cvelistv5 – Published: 2023-11-11 00:05 – Updated: 2025-06-11 14:30
VLAI
Summary
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-369 - Divide By Zero
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenVPN | OpenVPN 2 (Community) |
Affected:
2.6.0 , ≤ 2.6.6
(minor release)
|
|
| OpenVPN | Access Server |
Affected:
2.11.0 , ≤ 2.11.3
(patch release)
Affected: 2.12.0 , ≤ 2.12.1 (patch release) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"tags": [
"x_transferred"
],
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:28:40.866061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:30:02.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVPN 2 (Community)",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.6.6",
"status": "affected",
"version": "2.6.0",
"versionType": "minor release"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Server",
"vendor": "OpenVPN",
"versions": [
{
"lessThanOrEqual": "2.11.3",
"status": "affected",
"version": "2.11.0",
"versionType": "patch release"
},
{
"lessThanOrEqual": "2.12.1",
"status": "affected",
"version": "2.12.0",
"versionType": "patch release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T02:06:19.217Z",
"orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"shortName": "OpenVPN"
},
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2023-46849"
},
{
"url": "https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5555"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
"assignerShortName": "OpenVPN",
"cveId": "CVE-2023-46849",
"datePublished": "2023-11-11T00:05:13.487Z",
"dateReserved": "2023-10-27T13:38:49.496Z",
"dateUpdated": "2025-06-11T14:30:02.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-200605-0584
Vulnerability from variot - Updated: 2025-04-03 22:38OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. OpenVPN is prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0584",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openvpn",
"scope": "eq",
"trust": 1.9,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta18"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta3"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta20"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta28"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.6,
"vendor": "openvpn",
"version": "2.0_beta19"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc21"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test16"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc3"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test10"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta11"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test11"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc13"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc12"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc20"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test29"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test25"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta10"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc17"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc19"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test22"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test23"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test21"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test20"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test12"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc15"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc3"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test9"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc18"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc8"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc14"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test27"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc9"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc10"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test15"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test19"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test3"
},
{
"model": "access server",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test24"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc5"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta13"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta12"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test26"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test7"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta17"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test14"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.3_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc11"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test17"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test18"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta8"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.1_rc4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test8"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.2_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta9"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0.6_rc1"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta16"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_beta15"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_rc16"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 1.0,
"vendor": "openvpn",
"version": "2.0_test4"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.9,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "2.0.1 rc1",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "2.0.1 rc2",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "2.0.1 rc3",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "2.0.1 rc4",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "2.0.1 rc5",
"scope": null,
"trust": 0.6,
"vendor": "openvpn",
"version": null
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "3.1.3"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.7"
},
{
"model": "rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.5"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.3"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"model": "rc7",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"model": "test9",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test8",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test7",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test6",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test5",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test4",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test3",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test29",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test27",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test26",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test25",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test24",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test23",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test22",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test21",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test20",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test2",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test19",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test18",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test17",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test16",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test15",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test14",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test12",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test10",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "test1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc9",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc8",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc7",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc21",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc20",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc19",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc18",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc17",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc16",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc15",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc14",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc13",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc12",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta9",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta8",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta7",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta6",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta28",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta20",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta19",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta18",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta17",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta16",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta15",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta13",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta12",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta10",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"model": "beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87623"
}
],
"trust": 0.3
},
"cve": "CVE-2006-2229",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2006-2229",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2006-2916",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2229",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2006-2916",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-102",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. OpenVPN is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2229"
},
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-2229",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "25660",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2006-2916",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102",
"trust": 0.6
},
{
"db": "BID",
"id": "87623",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"id": "VAR-200605-0584",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
}
]
},
"last_update_date": "2025-04-03T22:38:09.669000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://openvpn.net/man.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/432863/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/25660"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/432867/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/433000/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/432863/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/archive/1/archive/1/433000/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/archive/1/archive/1/432867/100/0/threaded"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"db": "BID",
"id": "87623"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"date": "2006-05-05T00:00:00",
"db": "BID",
"id": "87623"
},
{
"date": "2006-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"date": "2006-05-05T19:02:00",
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-2916"
},
{
"date": "2006-05-05T00:00:00",
"db": "BID",
"id": "87623"
},
{
"date": "2020-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-102"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-2229"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenVPN management interface TCP session information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2916"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-102"
}
],
"trust": 0.6
}
}