Lucene search

K
cveRedhatCVE-2017-7479
HistoryMay 15, 2017 - 6:29 p.m.

CVE-2017-7479

2017-05-1518:29:00
CWE-617
redhat
web.nvd.nist.gov
94
cve-2017-7479
openvpn
dos
vulnerability
nvd

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.004

Percentile

73.1%

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

Affected configurations

Nvd
Vulners
Node
openvpnopenvpnRange2.3.14
OR
openvpnopenvpnMatch2.4.0
OR
openvpnopenvpnMatch2.4.0alpha2
OR
openvpnopenvpnMatch2.4.0beta1
OR
openvpnopenvpnMatch2.4.0beta2
OR
openvpnopenvpnMatch2.4.0rc1
OR
openvpnopenvpnMatch2.4.0rc2
OR
openvpnopenvpnMatch2.4.1
VendorProductVersionCPE
openvpnopenvpn*cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*
openvpnopenvpn2.4.0cpe:2.3:a:openvpn:openvpn:2.4.0:*:*:*:*:*:*:*
openvpnopenvpn2.4.0cpe:2.3:a:openvpn:openvpn:2.4.0:alpha2:*:*:*:*:*:*
openvpnopenvpn2.4.0cpe:2.3:a:openvpn:openvpn:2.4.0:beta1:*:*:*:*:*:*
openvpnopenvpn2.4.0cpe:2.3:a:openvpn:openvpn:2.4.0:beta2:*:*:*:*:*:*
openvpnopenvpn2.4.0cpe:2.3:a:openvpn:openvpn:2.4.0:rc1:*:*:*:*:*:*
openvpnopenvpn2.4.0cpe:2.3:a:openvpn:openvpn:2.4.0:rc2:*:*:*:*:*:*
openvpnopenvpn2.4.1cpe:2.3:a:openvpn:openvpn:2.4.1:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "openvpn",
    "vendor": "OpenVPN Technologies, Inc",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.3.15"
      },
      {
        "status": "affected",
        "version": "< 2.4.2"
      }
    ]
  }
]

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.004

Percentile

73.1%