OpenVPN 2.4.x < 2.4.6 Denial of Service Vulnerability (Windows)

2019-05-1700:00:00

www.tenable.com

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by a denial of service (DoS) vulnerability in its interactive service helper component due to an invalid level of validation for incoming requests. An unauthenticated, local attacker can exploit this issue, by sending malformed requests, to cause the application to stop responding.

#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");

if (description)
{
  script_id(125263);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/30 13:24:47");

  script_cve_id("CVE-2018-9336");

  script_name(english:"OpenVPN 2.4.x < 2.4.6 Denial of Service Vulnerability (Windows)");
  script_summary(english:"Checks the version of OpenVPN.");

  script_set_attribute(attribute:"synopsis", value:
"An application on the remote Windows host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected
by a denial of service (DoS) vulnerability in its interactive service helper component due to an invalid level of 
validation for incoming requests. An unauthenticated, local attacker can exploit this issue, by sending malformed 
requests, to cause the application to stop responding.");
  # https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d07ec3ea");
  script_set_attribute(attribute:"solution", value:"Upgrade to OpenVPN 2.4.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9336");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openvpn:openvpn");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("openvpn_server_installed.nbin");
  script_require_keys("installed_sw/OpenVPN Server");
  exit(0);
}

include('vcf.inc');

app_info = vcf::get_app_info(app:'OpenVPN Server');

constraints = [{'min_version': '2.4.0', 'fixed_version': '2.4.6'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

VendorProductVersionCPE
openvpnopenvpncpe:/a:openvpn:openvpn

Vendor	Product	Version	CPE
openvpn	openvpn		cpe:/a:openvpn:openvpn

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9336

www.nessus.org/u?d07ec3ea

JSON

Related for OPENVPN_2_4_6.NASL