Man-in-the-Middle Vulnerability in OpenVPN Connect for macOS and Windows
CVE-2022-3761

5.9MEDIUM

Key Information:

Vendor: Openvpn Inc
Status: Openvpn Connect
Vendor: CVE Published:; 17 October 2023

Summary

OpenVPN Connect for macOS and Windows contains a vulnerability that could allow a malicious actor to intercept configuration profile download requests. This flaw can expose sensitive user credentials, thereby enabling unauthorized access. Users are advised to upgrade to the patched versions to mitigate this security risk.

Affected Version(s)

OpenVPN Connect Windows until 3.4.0.4506

OpenVPN Connect Windows until 3.4.0.4506 < 3.4.0.4506

OpenVPN Connect Windows until 3.4.0.3100 < 3.4.0.3100

References

https://openvpn.net/vpn-server-resources/openvpn-connect-...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Oct 31, 2022