CVE-2022-0547
published 2022-03-18CVE-2022-0547: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred…
PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.52%
87.8th percentile
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | openvpn | < openvpn 2.5.6-1 (bookworm) | openvpn 2.5.6-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | >= 0 < 2.5.1-3+deb11u1 | 2.5.1-3+deb11u1 |
| openvpn | openvpn | >= 0 < 2.5.6-1 | 2.5.6-1 |
| openvpn | openvpn | >= 0 < 2.5.6-1 | 2.5.6-1 |
| openvpn | openvpn | >= 0 < 2.5.6-1 | 2.5.6-1 |
| openvpn | openvpn | >= 2.1.0 < 2.4.12 | 2.4.12 |
| openvpn | openvpn | >= 2.5.0 < 2.5.6 | 2.5.6 |
Detection & IOCsextracted from sources · hover to see the quote
- →Authentication bypass is only possible when more than one external authentication plugin is configured AND both make use of deferred authentication replies — monitor OpenVPN configurations for multiple auth plugins with deferred auth enabled ↗
- →Successful exploitation results in access being granted with only partially correct credentials — alert on successful OpenVPN authentications that are anomalous (e.g., unexpected source IPs, off-hours logins) against deployments running multiple auth plugins ↗
- →Affected versions are OpenVPN 2.1 through 2.4.12 and through 2.5.6 (exclusive) — flag any OpenVPN instances reporting version strings in these ranges ↗
- ·Vulnerability is only exploitable when multiple external authentication plugins are simultaneously configured with deferred authentication — single-plugin or non-deferred configurations are not affected ↗
- ·Debian scopes this as 'local' scope — review your deployment context; fixed versions are 2.4.12+ and 2.5.6+ (upstream), 2.5.6-1 (Debian bookworm/sid/trixie/forky), and 2.5.1-3+deb11u1 (Debian bullseye) ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
OpenVPN vulnerability
vendor_ubuntu·2024-06-26
CVE-2022-0547 OpenVPN vulnerability
Title: OpenVPN vulnerability
Summary: OpenVPN could allow unintended access to network services.
It was discovered that OpenVPN incorrectly handled certain configurations
with multiple authentication plugins. A remote attacker could possibly use
this issue to bypass authentication using incomplete credentials.
Instructions: In general, a standard system update will make all the necessary changes.
CISA ICS
Siemens SINAMICS Medium Voltage Products
cisa_ics·2023-06-15·CVSS 7.5
[HIGH] Siemens SINAMICS Medium Voltage Products
ICS Advisory
##
Siemens SINAMICS Medium Voltage Products
Release DateJune 15, 2023
Alert CodeICSA-23-166-12
## As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity
- Vendor: Siemens
- Equipment: SINAMICS MV (medium voltage) products
- Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Use After Free, Improper Authentication, OS Command Injection, Improper Certificate Validation, Improper Res
CISA ICS
Siemens SCALANCE, RUGGEDCOM Third-Party
cisa_ics·2023-03-16
Siemens SCALANCE, RUGGEDCOM Third-Party
ICS Advisory
##
Siemens SCALANCE, RUGGEDCOM Third-Party
Release DateMarch 16, 2023
Alert CodeICSA-23-075-01
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: Siemens
- Equipment: Busybox Applet affecting SCALANCE and RUGGEDCOM products
- Vulnerabilities: Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Improper Locking, Improper Input Validation, NULL Pointer Deref
Debian
CVE-2022-0547: openvpn - OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in externa...
vendor_debian·2022·CVSS 9.8
CVE-2022-0547 [CRITICAL] CVE-2022-0547: openvpn - OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in externa...
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Scope: local
bookworm: resolved (fixed in 2.5.6-1)
bullseye: resolved (fixed in 2.5.1-3+deb11u1)
forky: resolved (fixed in 2.5.6-1)
sid: resolved (fixed in 2.5.6-1)
trixie: resolved (fixed in 2.5.6-1)
GHSA
GHSA-g28r-w65r-h89m: OpenVPN 2
ghsa_unreviewed·2022-03-19
CVE-2022-0547 [CRITICAL] CWE-287 GHSA-g28r-w65r-h89m: OpenVPN 2
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
OSV
CVE-2022-0547: OpenVPN 2
osv·2022-03-18·CVSS 9.8
CVE-2022-0547 [CRITICAL] CVE-2022-0547: OpenVPN 2
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
No detection rules found.
No public exploits indexed.
https://community.openvpn.net/openvpn/wiki/CVE-2022-0547https://community.openvpn.net/openvpn/wiki/SecurityAnnouncementshttps://lists.debian.org/debian-lts-announce/2022/05/msg00002.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/https://openvpn.net/community-downloads/https://community.openvpn.net/openvpn/wiki/CVE-2022-0547https://community.openvpn.net/openvpn/wiki/SecurityAnnouncementshttps://lists.debian.org/debian-lts-announce/2022/05/msg00002.htmlhttps://lists.debian.org/debian-lts-announce/2025/03/msg00005.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/https://openvpn.net/community-downloads/
2022-03-18
Published