CVE-2008-3459 — Openvpn vulnerability

CWE-166 documents6 sources

Severity

7.6HIGHNVD

EPSS

0.6%

top 30.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Debian Openvpn

Timeline

PublishedAug 4

Latest updateMay 2

Description

Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/openvpn< openvpn 2.1~rc9-1 (bookworm)

▶Debianopenvpn/openvpn< 2.1~rc9-1+3

▶NVDopenvpn/openvpn2.1

🔴Vulnerability Details

GHSA

GHSA-w779-ggw7-rxjh: Unspecified vulnerability in OpenVPN 2↗2022-05-02

▶

OSV

CVE-2008-3459: Unspecified vulnerability in OpenVPN 2↗2008-08-04

▶

📋Vendor Advisories

Debian

CVE-2008-3459: openvpn - Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on...↗2008

▶

Red Hat

openvpn: client command execution through remotely received configuration directives↗

▶

💬Community

Bugzilla

CVE-2008-3459 openvpn: client command execution through remotely received configuration directives↗2008-08-03

▶