Shodan
Vulnerabilities
Vulnerable Software
Openvpn:  >> Openvpn  Security Vulnerabilities
CVE-2024-4877
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges
CVSS Score
8.8
EPSS Score
0.0
Published
2025-04-03
CVE-2025-2704
OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
CVSS Score
7.5
EPSS Score
0.001
Published
2025-04-02
CVE-2024-5594
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-06
CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
CVSS Score
4.3
EPSS Score
0.005
Published
2024-07-08
CVE-2024-24974
The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.
CVSS Score
7.5
EPSS Score
0.097
Published
2024-07-08
CVE-2024-27459
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
CVSS Score
7.8
EPSS Score
0.054
Published
2024-07-08
CVE-2024-27903
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
CVSS Score
9.8
EPSS Score
0.07
Published
2024-07-08
CVE-2023-46849
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-11-11
CVE-2023-46850
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
CVSS Score
9.8
EPSS Score
0.022
Published
2023-11-11
CVE-2020-20813
Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-08-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved