CVE Daily
← All tags

Tag: OpenVPN

All CVEs associated with "OpenVPN". Page 1/2 • 166 CVEs.

About “OpenVPN”

A curated feed of “OpenVPN”-related CVEs appears below. We currently track 166 CVEs for this tag (all time). In the last 365 days, 25 were published. Average CVSS is 7.4 (all time; 6.9 over 365d), and 69% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-287 - Improper Authentication.

In our taxonomy this topic maps to a MODERATE impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: openvpn

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
2.72.7.4Unavailable-
2.62.6.20
2.52.5.11 Expired
2.42.4.12 Expired
2.32.3.18 Expired
2.22.2.3 Expired
2.12.1.4 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “OpenVPN”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-27
Unknown

CVE-2026-45918

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - don't deref NULL sk_socket member after tcp_close() When deleting a peer in case of keepalive expiration, the peer is…

CVSS: N/A CWE: N/A View on NVD
2026-05-26
High

CVE-2026-9560

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2026-05-08
Critical

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2026-05-06
High

CVE-2026-43254

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2026-05-05
Medium

CVE-2026-31893

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink followin…

CVSS: 5.5 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
Medium

CVE-2025-42611

RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x…

CVSS: 6.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
2026-04-09
High

CVE-2024-1490

An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may al…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2026-04-08
Medium

CVE-2026-30817

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is pro…

CVSS: 5.7 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD
Medium

CVE-2026-30816

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is p…

CVSS: 5.7 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD
High

CVE-2026-30815

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration fil…

CVSS: 8.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2026-04-02
High

CVE-2026-34796

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2026-02-19
Medium

CVE-2019-25429

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Atta…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2019-25428

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Att…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2026-02-18
High

CVE-2026-2670

A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipu…

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2026-01-30
Low

CVE-2025-15497

Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

CVSS: 3.8 CWE: CWE-617 - Reachable Assertion View on NVD
2025-12-03
High

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initia…

CVSS: 7.5 CWE: CWE-940 - Improper Verification of Source of a Communication Channel View on NVD
Medium

CVE-2025-13751

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-12-01
Critical

CVE-2025-12106

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

CVSS: 9.1 CWE: CWE-126 - Buffer Over-read View on NVD
2025-10-28
Medium

CVE-2025-34304

IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via t…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2025-10-27
Medium

CVE-2025-50055

Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoi…

CVSS: 6.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-10-24
High

CVE-2025-10680

OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2025-06-29
Medium

CVE-2025-24292

A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Au…

CVSS: 6.8 CWE: CWE-287 - Improper Authentication View on NVD
2025-06-27
High

CVE-2025-6776

A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the compo…

CVSS: 7.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-6775

A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creat…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-06-20
Medium

CVE-2025-50054

Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting i…

CVSS: 5.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2025-05-27
Medium

CVE-2025-4412

On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Conse…

CVSS: 4.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2025-05-19
Medium

CVE-2025-3908

The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permis…

CVSS: 6.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2025-05-14
High

CVE-2024-54780

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the Ope…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-04-03
High

CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privi…

CVSS: 8.8 CWE: CWE-268 - Privilege Chaining View on NVD
2025-04-02
High

CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2025-03-11
Low

CVE-2025-23384

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M8…

CVSS: 3.7 CWE: CWE-187 - Partial String Comparison View on NVD
2025-01-15
Low

CVE-2024-5198

OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a syst…

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-01-14
Critical

CVE-2024-39800

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbi…

CVSS: 9.1 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD
Critical

CVE-2024-39799

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbi…

CVSS: 9.1 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD
Critical

CVE-2024-39798

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbi…

CVSS: 9.1 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD
Critical

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary co…

CVSS: 9.1 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD
2025-01-06
High

CVE-2024-8474

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traf…

CVSS: 7.5 CWE: CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer View on NVD
Critical

CVE-2024-5594

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

CVSS: 9.1 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
2024-11-05
Medium

CVE-2024-50998

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vul…

CVSS: 5.7 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2024-07-08
Medium

CVE-2024-28882

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

CVSS: 4.3 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
Critical

CVE-2024-27903

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged…

CVSS: 9.8 CWE: CWE-283 - Unverified Ownership View on NVD
High

CVE-2024-27459

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-24974

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive servic…

CVSS: 7.5 CWE: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints View on NVD
2024-06-27
Medium

CVE-2024-28820

Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who ca…

CVSS: 6.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2024-05-20
High

CVE-2024-0401

ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a c…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2024-02-29
Medium

CVE-2023-6247

The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2024-02-21
High

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which…

CVSS: 8.4 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-02-20
High

CVE-2023-7245

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context vi…

CVSS: 7.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
2024-01-08
High

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

CVSS: 7.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
2023-12-12
Critical

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
High

CVE-2023-46455

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-11-11
Critical

CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to…

CVSS: 7.5 CWE: CWE-369 - Divide By Zero View on NVD
2023-10-30
High

CVE-2023-47101

The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-10-17
Medium

CVE-2022-3761

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contai…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
2023-09-18
High

CVE-2023-41349

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN confi…

CVSS: 8.8 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
2023-08-22
High

CVE-2020-20813

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2023-08-05
High

CVE-2022-46782

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on…

CVSS: 7.8 CWE: N/A View on NVD
2023-08-01
Critical

CVE-2022-39986

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/op…

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2023-07-06
High

CVE-2023-25124

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrar…

CVSS: 7.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-25123

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrar…

CVSS: 7.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-25122

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrar…

CVSS: 7.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-25118

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrar…

CVSS: 7.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-25117

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrar…

CVSS: 7.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-25116

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrar…

CVSS: 7.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-25115

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrar…

CVSS: 7.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-25114

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrar…

CVSS: 7.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2023-07-03
High

CVE-2023-36609

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host…

CVSS: 7.2 CWE: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere View on NVD
2023-06-13
Medium

CVE-2023-33621

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or acc…

CVSS: 5.9 CWE: CWE-294 - Authentication Bypass by Capture-replay View on NVD
2023-05-22
Medium

CVE-2023-32348

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner…

CVSS: 5.8 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2023-04-17
High

CVE-2023-28971

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attac…

CVSS: 7.2 CWE: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints View on NVD
2023-04-10
Medium

CVE-2023-24181

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-11-22
Critical

CVE-2022-44199

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-44198

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-44197

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-44196

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-10-14
High

CVE-2021-27406

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into…

CVSS: 8.8 CWE: CWE-15 - External Control of System or Configuration Setting View on NVD
2022-07-12
High

CVE-2022-34821

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-…

CVSS: 7.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2022-07-06
High

CVE-2021-4234

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting…

CVSS: 7.5 CWE: CWE-406 - Insufficient Control of Network Message Volume (Network Amplification) View on NVD
High

CVE-2022-33738

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal

CVSS: 7.5 CWE: CWE-331 - Insufficient Entropy View on NVD
High

CVE-2022-33737

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password

CVSS: 7.5 CWE: CWE-708 - Incorrect Ownership Assignment View on NVD
2022-04-14
Medium

CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). Whe…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-03-31
High

CVE-2022-24299

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with th…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2022-03-18
Critical

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an exte…

CVSS: 9.8 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
2022-02-16
Critical

CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-12-09
High

CVE-2021-20145

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
2021-09-27
High

CVE-2021-31606

furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients.

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2021-31605

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.

CVSS: 7.5 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2021-31604

furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client.

CVSS: 6.5 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2021-09-23
Medium

CVE-2021-3824

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.

CVSS: 6.1 CWE: CWE-84 - Improper Neutralization of Encoded URI Schemes in a Web Page View on NVD
2021-08-02
High

CVE-2021-33526

In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configu…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-07-12
High

CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in t…

CVSS: 7.4 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
2021-07-02
High

CVE-2021-3613

OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2021-3606

OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-06-28
High

CVE-2021-35523

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the Ope…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-06-04
High

CVE-2020-36382

OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentica…

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2020-15077

OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be us…

CVSS: 5.3 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
2021-05-04
High

CVE-2020-27518

All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openv…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-04-30
High

CVE-2020-27519

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the l…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-04-26
High

CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentia…

CVSS: 7.5 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
2021-03-30
High

CVE-2020-15075

OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.

CVSS: 7.1 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
2020-10-29
High

CVE-2020-27649

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information…

CVSS: 8.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2020-27648

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive inf…

CVSS: 8.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
2020-09-17
Medium

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will rema…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2020-09-14
High

CVE-2020-15590

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via i…

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2020-07-14
High

CVE-2020-15074

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial t…

CVSS: 7.5 CWE: CWE-302 - Authentication Bypass by Assumed-Immutable Data View on NVD
2020-07-01
Critical

CVE-2020-15473

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2020-05-04
High

CVE-2020-11462

An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management…

CVSS: 7.5 CWE: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') View on NVD
2020-04-27
Low

CVE-2020-11810

An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arri…

CVSS: 3.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2020-04-16
Critical

CVE-2020-7224

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party…

CVSS: 9.8 CWE: N/A View on NVD
2020-04-14
High

CVE-2020-5739

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additio…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2020-02-28
High

CVE-2020-9442

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dl…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2020-02-13
Critical

CVE-2020-8953

OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2020-01-14
High

CVE-2020-5180

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading t…

CVSS: 7.8 CWE: N/A View on NVD
2019-10-28
Critical

CVE-2019-14929

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtai…

CVSS: 9.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2019-10-08
High

CVE-2019-14657

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../..…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2019-07-11
High

CVE-2019-12579

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges.…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2019-12578

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openv…

CVSS: 7.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
High

CVE-2019-12577

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The macOS…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2019-12576

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openv…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox