Denial of Service Vulnerability in OpenVPN Ranging from 2.3.12 and Above
CVE-2017-7478

7.5HIGH

Key Information:

Vendor

Openvpn Technologies, Inc

Status
Openvpn
Vendor
CVE Published:
15 May 2017

What is CVE-2017-7478?

OpenVPN versions starting from 2.3.12 and newer are susceptible to a denial of service attack due to processing large control packets, which can disrupt server operations. This flaw allows unauthorized users to potentially cause server instability without needing proper authentication. The vulnerability has been addressed in OpenVPN versions 2.3.15 and 2.4.2, underscoring the importance of maintaining updated software to ensure network reliability and security.

Affected Version(s)

openvpn 2.3.12 and newer

References

https://www.exploit-db.com/exploits/41993/
exploitx_refsource_EXPLOIT-DB
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCr...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038473
vdb-entryx_refsource_SECTRACK

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.