Vulnerability Details CVE-2022-33737
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2022-33737
-
cpe:2.3:a:openvpn:openvpn_access_server:2.10.0
-
cpe:2.3:a:openvpn:openvpn_access_server:2.10.1
-
cpe:2.3:a:openvpn:openvpn_access_server:2.10.2
-
cpe:2.3:a:openvpn:openvpn_access_server:2.10.3