Openvpn Luki w zabezpieczeniach

Oś czasu

Rodzaj

Network Encryption Software	18

Produkt

OpenVPN Access Server	11
OpenVPN Connect	4
OpenVPN Core Library	2
OpenVPN Private Tunnel Installer	1

Przeciwdziałanie

Official Fix	8
Temporary Fix	0
Workaround	0
Unavailable	1
Not Defined	9

Wykorzystywanie

High	0
Functional	0
Proof-of-Concept	0
Unproven	0
Not Defined	18

Wektor dostępu

Not Defined	0
Physical	0
Local	2
Adjacent	3
Network	13

Uwierzytelnianie

Not Defined	0
High	0
Low	9
None	9

Interakcja z użytkownikiem

Not Defined	0
Required	2
None	16

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	2
≤5	4
≤6	4
≤7	6
≤8	1
≤9	1
≤10	0

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	2
≤5	4
≤6	4
≤7	6
≤8	1
≤9	1
≤10	0

VulDB

≤1	0
≤2	0
≤3	0
≤4	6
≤5	2
≤6	5
≤7	2
≤8	3
≤9	0
≤10	0

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	1
≤7	2
≤8	6
≤9	0
≤10	1

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Sprzedawca

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	7
<2k	8
<5k	3
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj dzisiaj

<1k	18
<2k	0
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

Affected Products (4): Access Server (11), Connect (4), Core Library (2), Private Tunnel Installer (1)

Opublikowano	Base	Temp	Słaby punkt	Prod	Wyk	Prz	EPSS	CTI	CVE
2024-02-21	3.5	3.5	OpenVPN Core Library PKCS#7 Parser denial of service	Network Encryption Software	Not Defined	Not Defined	0.00043	0.06	CVE-2023-6247
2024-02-20	5.3	5.3	OpenVPN Connect Node.js Framework Local Privilege Escalation	Network Encryption Software	Not Defined	Not Defined	0.00043	0.00	CVE-2023-7245
2024-01-08	6.5	6.5	OpenVPN Connect Environment Variable Local Privilege Escalation	Network Encryption Software	Not Defined	Not Defined	0.00042	0.04	CVE-2023-7224
2023-10-17	4.8	4.7	OpenVPN Connect Configuration Profile weak authentication	Network Encryption Software	Not Defined	Official Fix	0.00085	0.03	CVE-2022-3761
2022-07-07	5.6	5.5	OpenVPN Access Server Web Portal weak encryption	Network Encryption Software	Not Defined	Official Fix	0.00151	0.05	CVE-2022-33738
2022-07-07	5.5	5.5	OpenVPN Access Server information disclosure	Network Encryption Software	Not Defined	Not Defined	0.00150	0.00	CVE-2022-33737
2022-07-07	6.4	6.4	OpenVPN Access Server denial of service	Network Encryption Software	Not Defined	Not Defined	0.00089	0.00	CVE-2021-4234
2021-09-24	4.8	4.7	OpenVPN Access Server Web Login Page privilege escalation	Network Encryption Software	Not Defined	Official Fix	0.00104	0.00	CVE-2021-3824
2021-07-12	3.7	3.6	OpenVPN Core Library Server Certificate weak authentication	Network Encryption Software	Not Defined	Official Fix	0.00087	0.00	CVE-2021-3547
2021-07-03	6.3	6.3	OpenVPN Connect OpenSSL Configuration File OpenVPNConnect.exe privilege escalation	Network Encryption Software	Not Defined	Not Defined	0.00060	0.00	CVE-2021-3613

8 więcej wpisów nie jest pokazywanych

🔒 Login Required

You need to signup and login to see more of the remaining 8 results.

◂ PoprzedniPrzeglądKolejny ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!