Cross-Site Request Forgery Vulnerabilities in OpenVPN Access Server Desktop Client
CVE-2014-9104

Currently unrated

Key Information:

Vendor

Openvpn
Status
Openvpn Access Server
Vendor
CVE Published:
26 November 2014

What is CVE-2014-9104?

OpenVPN Access Server's Desktop Client has multiple vulnerabilities that allow remote attackers to exploit the XML-RPC API. These vulnerabilities can lead to unauthorized actions such as disconnecting active VPN sessions, connecting to unauthorized VPN servers, or creating new VPN profiles. Attackers may execute arbitrary commands through specially crafted API requests, compromising the integrity and confidentiality of the VPN service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/532795/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2014/Jul/76
mailing-listx_refsource_FULLDISC
https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.