Openvpn Access Server Security Vulnerabilities and Issues — Openvpn Access Server CVE List

Lucene search

OpenvpnOpenvpn Access Server

5 matches found

CVE•added 2014/12/03 6:59 p.m.•63 views

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.8CVSS5.9AI score0.01465EPSS

CVE•added 2017/05/26 1:29 a.m.•48 views

CVE-2017-5868

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to session_start /.

6.1CVSS6.4AI score0.05514EPSS

CVE•added 2014/11/26 3:59 p.m.•47 views

CVE-2014-9104

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary...

6.8CVSS8.2AI score0.00234EPSS

CVE•added 2021/09/23 3:15 p.m.•44 views

CVE-2021-3824

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.

6.1CVSS6.3AI score0.00303EPSS

CVE•added 2014/05/13 2:55 p.m.•28 views

CVE-2013-2692

Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.

6.8CVSS7.4AI score0.00182EPSS