CVE-2022-33738Insufficient Entropy in Access Server

CWE-331Insufficient EntropyCWE-338Use of Cryptographically Weak Pseudo-Random Number Generator2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 44.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openvpn Access Server
Timeline
PublishedJul 6
Latest updateJul 7

Description

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5openvpn/openvpn_access_serveruntil 2.11

🔴Vulnerability Details

1
GHSA
GHSA-94wc-gx8c-8825: OpenVPN Access Server before 22022-07-07
CVE-2022-33738 — Insufficient Entropy in Access Server | cvebase