CVE-2022-0547

Sažetak

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

Reference

https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/
https://openvpn.net/community-downloads/
https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/
https://openvpn.net/community-downloads/

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

23-04-2025 - 19:15

Objavljeno

18-03-2022 - 18:15