Detections
Analytics

OpenVPN < 2.0.1 Multiple Vulnerabilities (Windows)

medium Nessus Plugin ID 125261

Language:

Synopsis

An application on the remote Windows host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is prior to 2.0.1. It is, therefore, affected by multiple vulnerabilities:
 - A denial of service (DoS) vulnerability exists in OpenVPN due to its OpenSSL error queue not being flushed properly.
 An unauthenticated, remote attacker can exploit this issue, by sending a large number of incorrect connection requests, to cause the application to stop responding (CVE-2005-2531) & (CVE-2005-2532).

 - OpenVPN is affected by a denial of service (DoS) vulnerability. An authenticated, remote attacker can exploit this issue, by sending a large of number of packets with spoofed MAC addresses, to cause the application to stop responding (CVE-2005-2533).

 - A denial of service (DoS) vulnerability exists in OpenVPN when --duplicate-cn is not enabled. An unauthenticated, remote attacker can exploit this issue, by issuing simultaneous tcp connections from multiple clients that use the same certificate, to cause the application to stop responding (CVE-2005-2534).

Solution

Upgrade to OpenVPN 2.0.1 or later.

See Also

http://www.nessus.org/u?c7dbca24

Plugin Details

Severity: Medium

ID: 125261

File Name: openvpn_2_0_1.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 5/17/2019

Updated: 10/31/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2005-2532

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openvpn:openvpn

Required KB Items: installed_sw/OpenVPN Server

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 8/16/2005

Vulnerability Publication Date: 8/16/2005

Reference Information

CVE: CVE-2005-2531, CVE-2005-2532, CVE-2005-2533, CVE-2005-2534

BID: 14605, 14607, 14610