CVE-2022-0547
openvpn - security update
CVSS 3.1: 9.8 (CRITICAL)
EPSS: 0.46%
Description
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
How to fix CVE-2022-0547
To remediate CVE-2022-0547, upgrade the affected package to a fixed version below.
- upgrade to 2.4.12-r0 or later
- upgrade to 2.5.1-3+deb11u1 or later
- upgrade to 2.5.1-3+deb11u1 or later
Is CVE-2022-0547 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.4.12-r0
- from 0, < 2.5.1-3+deb11u1
- from 0, < 2.5.1-3+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |