CVE-2021-4234Insufficient Control of Network Message Volume (Network Amplification) in Access Server

CWE-406Insufficient Control of Network Message Volume (Network Amplification)2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 40.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openvpn Access Server
Timeline
PublishedJul 6
Latest updateJul 7

Description

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5openvpn/openvpn_access_server2.10 and prior version

🔴Vulnerability Details

1
GHSA
GHSA-qvww-9jm9-f3pm: OpenVPN Access Server 22022-07-07
CVE-2021-4234 — Openvpn Access Server vulnerability | cvebase