CVE-2022-3761

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/	Release Notes
https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openvpn:connect::::::windows::*
	cpe:2.3:a:openvpn:connect::::::macos::*

History

24 Oct 2023, 17:34

Type	Values Removed	Values Added
CPE		cpe:2.3:a:openvpn:connect::::::macos::* cpe:2.3:a:openvpn:connect::::::windows::*
First Time		Openvpn connect Openvpn
CWE		CWE-295
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
References	~~(MISC) https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/ -~~	(MISC) https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/ - Release Notes
References	~~(MISC) https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/ -~~	(MISC) https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/ - Release Notes

17 Oct 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-17 13:15

Updated : 2024-02-28 20:33

NVD link : CVE-2022-3761

Mitre link : CVE-2022-3761

CVE.ORG link : CVE-2022-3761

JSON object : View

Products Affected

openvpn

connect

CWE

CWE-295

Improper Certificate Validation

5.9 /10