Cross-Site Request Forgery Vulnerabilities in OpenVPN Access Server Desktop Client
CVE-2014-9104

Currently unrated

Key Information:

Vendor: Openvpn
Status: Openvpn Access Server
Vendor: CVE Published:; 26 November 2014

Summary

OpenVPN Access Server's Desktop Client has multiple vulnerabilities that allow remote attackers to exploit the XML-RPC API. These vulnerabilities can lead to unauthorized actions such as disconnecting active VPN sessions, connecting to unauthorized VPN servers, or creating new VPN profiles. Attackers may execute arbitrary commands through specially crafted API requests, compromising the integrity and confidentiality of the VPN service.

References

http://www.securityfocus.com/archive/1/532795/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2014/Jul/76

mailing-listx_refsource_FULLDISC

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

Timeline

Vulnerability published
Nov 26, 2014
Vulnerability Reserved
Nov 26, 2014