CVE-2021-4234

EPSS 0.54%
Published 06.07.2022 20:15:08
Last modified 21.11.2024 06:37:12
Source security@openvpn.net
Teams watchlist Login
Open Login

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Openvpn ≫ Openvpn Access Server Version < 2.11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.54%	0.664

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-406 Insufficient Control of Network Message Volume (Network Amplification)

The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the product to transmit more traffic than should be allowed for that actor.

https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-4234

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-4234

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-4234

EUVD