exploitDog

CVE-2013-2692

Опубликовано: 13 мая 2014

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.

Ссылки

http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html
Vendor Advisory
http://osvdb.org/93111
http://secunia.com/advisories/52802
Vendor Advisory
http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html
Vendor Advisory
http://osvdb.org/93111
http://secunia.com/advisories/52802
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*

Версия до 1.8.4 (включая)

EPSS

Процентиль: 40%

0.00181

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-ffjg-78h3-q2j5

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.

EPSS

Процентиль: 40%

0.00181

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352