CVE-2021-4234

EPSS 0.54%
Veröffentlicht 06.07.2022 20:15:08
Zuletzt bearbeitet 21.11.2024 06:37:12
Quelle security@openvpn.net
Teams Watchlist Login
Unerledigt Login

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openvpn ≫ Openvpn Access Server Version < 2.11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.664

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-406 Insufficient Control of Network Message Volume (Network Amplification)

The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the product to transmit more traffic than should be allowed for that actor.

https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-4234

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-4234

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-4234

EUVD