CVE-2021-31605

Опубликовано: 27 сент. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.

Ссылки

http://packetstormsecurity.com/files/164278/OpenVPN-Monitor-1.1.3-Command-Injection.html
Third Party Advisory
VDB Entry
https://github.com/furlongm/openvpn-monitor/releases
Third Party Advisory
http://packetstormsecurity.com/files/164278/OpenVPN-Monitor-1.1.3-Command-Injection.html
Third Party Advisory
VDB Entry
https://github.com/furlongm/openvpn-monitor/releases
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openvpn-monitor_project:openvpn-monitor:*:*:*:*:*:*:*:*

Версия до 1.1.3 (включая)

EPSS

Процентиль: 84%

0.02194

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-4258-vcjw-wwxx