CVE-2022-3761

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials

CVSS v3.0 5.9 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/	Release Notes
https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openvpn:connect::::::macos::*
	cpe:2.3:a:openvpn:connect::::::windows::*

History

24 Oct 2023, 17:34

Type	Values Removed	Values Added
References	~~(MISC) https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/ -~~	(MISC) https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/ - Release Notes
References	~~(MISC) https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/ -~~	(MISC) https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/ - Release Notes
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
CWE		CWE-295
First Time		Openvpn Openvpn connect
CPE		cpe:2.3:a:openvpn:connect::::::windows::* cpe:2.3:a:openvpn:connect::::::macos::*

17 Oct 2023, 15:07

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-17 13:15

Updated : 2023-10-24 17:34

NVD link : CVE-2022-3761

Mitre link : CVE-2022-3761

JSON object : View

Products Affected

openvpn

connect

CWE

CWE-295

Improper Certificate Validation

5.9 /10