CVE-2022-3761

🗓️ 17 Oct 2023 12:10:36Reported by OpenVPNType

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download request

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2022-3761	17 Oct 202316:32	–	circl
CNNVD	OpenVPN Connect Trust Management Issues Vulnerabilities	17 Oct 202300:00	–	cnnvd
Cvelist	CVE-2022-3761	17 Oct 202312:10	–	cvelist
EUVD	EUVD-2022-43115	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3761	17 Oct 202313:15	–	nvd
OSV	CVE-2022-3761	17 Oct 202313:15	–	osv
Prion	Design/Logic Flaw	17 Oct 202313:15	–	prion
Positive Technologies	PT-2023-6378 · Openvpn · Openvpn Connect	17 Oct 202300:00	–	ptsecurity
RedhatCVE	CVE-2022-3761	22 May 202522:13	–	redhatcve

NVD

Node

openvpn connectRange<3.4.0.3121windows

openvpn connectRange<3.4.0.4506macos

[
  {
    "vendor": "OpenVPN Inc",
    "product": "OpenVPN Connect",
    "platforms": [
      "Windows",
      "MacOS"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "until 3.4.0.4506",
        "lessThan": "3.4.0.4506",
        "versionType": "macOS"
      },
      {
        "status": "affected",
        "version": "until 3.4.0.3100",
        "lessThan": "3.4.0.3100",
        "versionType": "Windows"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
openvpn	www.openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/
openvpn	www.openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/

21 Nov 2024 07:20Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.9

EPSS0.00143

CWE-295