Vulnerability Details CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
- https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/
- https://openvpn.net/community-downloads/
- https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
- https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/
- https://openvpn.net/community-downloads/
Products affected by CVE-2022-0547
-
cpe:2.3:a:openvpn:openvpn:2.1.0
-
cpe:2.3:a:openvpn:openvpn:2.1.1
-
cpe:2.3:a:openvpn:openvpn:2.1.12
-
cpe:2.3:a:openvpn:openvpn:2.1.2
-
cpe:2.3:a:openvpn:openvpn:2.1.28.0
-
cpe:2.3:a:openvpn:openvpn:2.1.3
-
cpe:2.3:a:openvpn:openvpn:2.1.4
-
cpe:2.3:a:openvpn:openvpn:2.1.6
-
cpe:2.3:a:openvpn:openvpn:2.1.8
-
cpe:2.3:a:openvpn:openvpn:2.1.9
-
cpe:2.3:a:openvpn:openvpn:2.2.0
-
cpe:2.3:a:openvpn:openvpn:2.2.1
-
cpe:2.3:a:openvpn:openvpn:2.2.2
-
cpe:2.3:a:openvpn:openvpn:2.2.3
-
cpe:2.3:a:openvpn:openvpn:2.3.0
-
cpe:2.3:a:openvpn:openvpn:2.3.1
-
cpe:2.3:a:openvpn:openvpn:2.3.10
-
cpe:2.3:a:openvpn:openvpn:2.3.11
-
cpe:2.3:a:openvpn:openvpn:2.3.12
-
cpe:2.3:a:openvpn:openvpn:2.3.13
-
cpe:2.3:a:openvpn:openvpn:2.3.14
-
cpe:2.3:a:openvpn:openvpn:2.3.15
-
cpe:2.3:a:openvpn:openvpn:2.3.16
-
cpe:2.3:a:openvpn:openvpn:2.3.17
-
cpe:2.3:a:openvpn:openvpn:2.3.18
-
cpe:2.3:a:openvpn:openvpn:2.3.2
-
cpe:2.3:a:openvpn:openvpn:2.3.3
-
cpe:2.3:a:openvpn:openvpn:2.3.4
-
cpe:2.3:a:openvpn:openvpn:2.3.5
-
cpe:2.3:a:openvpn:openvpn:2.3.6
-
cpe:2.3:a:openvpn:openvpn:2.3.7
-
cpe:2.3:a:openvpn:openvpn:2.3.8
-
cpe:2.3:a:openvpn:openvpn:2.3.9
-
cpe:2.3:a:openvpn:openvpn:2.4.0
-
cpe:2.3:a:openvpn:openvpn:2.4.1
-
cpe:2.3:a:openvpn:openvpn:2.4.10
-
cpe:2.3:a:openvpn:openvpn:2.4.11
-
cpe:2.3:a:openvpn:openvpn:2.4.2
-
cpe:2.3:a:openvpn:openvpn:2.4.3
-
cpe:2.3:a:openvpn:openvpn:2.4.4
-
cpe:2.3:a:openvpn:openvpn:2.4.5
-
cpe:2.3:a:openvpn:openvpn:2.4.6
-
cpe:2.3:a:openvpn:openvpn:2.4.7
-
cpe:2.3:a:openvpn:openvpn:2.4.8
-
cpe:2.3:a:openvpn:openvpn:2.4.9
-
cpe:2.3:a:openvpn:openvpn:2.5.0
-
cpe:2.3:a:openvpn:openvpn:2.5.1
-
cpe:2.3:a:openvpn:openvpn:2.5.2
-
cpe:2.3:a:openvpn:openvpn:2.5.3
-
cpe:2.3:a:openvpn:openvpn:2.5.4
-
cpe:2.3:a:openvpn:openvpn:2.5.5
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:36