CVE-2006-2229 — Openvpn vulnerability

3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.9%

top 24.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Openvpn Access Server

Timeline

PublishedMay 5

Latest updateMay 1

Description

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.

CVSS vector

AV:N/AC:H/C:P/I:N/A:PExploitability: 4.9 | Impact: 4.9

Affected Packages2 packages

▶NVDopenvpn/openvpn80 versions+79

▶NVDopenvpn/openvpn_access_server5 versions+4

🔴Vulnerability Details

GHSA

GHSA-q6wh-cc86-fx6h: OpenVPN 2↗2022-05-01

▶

OSV

CVE-2006-2229: OpenVPN 2↗2006-05-05

▶