Authorization Bypass Vulnerability in OpenVPN-Monitor by Furlongm
CVE-2021-31606

7.5HIGH

Key Information:

Vendor: Openvpn-monitor Project
Status: Openvpn-monitor
Vendor: CVE Published:; 27 September 2021

Summary

The vulnerability allows unauthorized disconnection of clients by bypassing access controls in OpenVPN-Monitor version 1.1.3. Attackers can exploit this weakness to disrupt VPN services by disconnecting specific users, which may lead to denial of service scenarios. It's crucial for users of OpenVPN-Monitor to apply security patches and updates to safeguard their systems against potential exploitation of this flaw.

References

https://github.com/furlongm/openvpn-monitor/releases

x_refsource_MISC

http://packetstormsecurity.com/files/164274/OpenVPN-Monit...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2021
Vulnerability Reserved
Apr 23, 2021