Vulnerabilites related to OpenVPN Inc - OpenVPN Connect
CVE-2022-3761 (GCVE-0-2022-3761)
Vulnerability from cvelistv5
Published
2023-10-17 12:10
Modified
2024-08-03 01:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
OpenVPN Inc | OpenVPN Connect |
Version: until 3.4.0.4506 Version: until 3.4.0.3100 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/" }, { "tags": [ "x_transferred" ], "url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "platforms": [ "Windows", "MacOS" ], "product": "OpenVPN Connect", "vendor": "OpenVPN Inc", "versions": [ { "lessThan": "3.4.0.4506", "status": "affected", "version": "until 3.4.0.4506", "versionType": "macOS" }, { "lessThan": "3.4.0.3100", "status": "affected", "version": "until 3.4.0.3100", "versionType": "Windows" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-17T12:10:36.100Z", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN" }, "references": [ { "url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/" }, { "url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/" } ] } }, "cveMetadata": { "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2022-3761", "datePublished": "2023-10-17T12:10:36.100Z", "dateReserved": "2022-10-31T07:38:29.762Z", "dateUpdated": "2024-08-03T01:20:57.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }