Lucene search

[email protected]CVE-2021-4234

HistoryJul 06, 2022 - 8:15 p.m.

CVE-2021-4234

2022-07-0620:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2021-4234

openvpn

access server

amplification attack

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.5%

JSON

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

CPENameOperatorVersion
openvpn:openvpn_access_serveropenvpn openvpn access serverlt2.11.0

CPE	Name	Operator	Version
openvpn:openvpn_access_server	openvpn openvpn access server	lt	2.11.0

References

openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

37.5%

JSON

Related for CVE-2021-4234

prion1