CVE-2022-33737 - Vulnerability Details

Vendors	Products
Openvpn	Openvpn Access Server

Link	Providers
https://openvpn.net/vpn-server-resources/release-notes/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "OpenVPN Access Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "from version 2.10.0 and before 2.11.0"}]}], "descriptions": [{"lang": "en", "value": "The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-708", "description": "CWE-708: Incorrect Ownership Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-06T15:09:08", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://openvpn.net/vpn-server-resources/release-notes/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@openvpn.net", "ID": "CVE-2022-33737", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenVPN Access Server", "version": {"version_data": [{"version_value": "from version 2.10.0 and before 2.11.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-708: Incorrect Ownership Assignment"}]}]}, "references": {"reference_data": [{"name": "https://openvpn.net/vpn-server-resources/release-notes/", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.660Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://openvpn.net/vpn-server-resources/release-notes/"}]}]}, "cveMetadata": {"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2022-33737", "datePublished": "2022-07-06T15:09:08", "dateReserved": "2022-06-15T00:00:00", "dateUpdated": "2024-08-03T08:09:22.660Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : OpenVPN Access Server (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : from version 2.10.0 and before 2.11.0 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-708 (string)

description : CWE-708: Incorrect Ownership Assignment (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-07-06T15:09:08 (string)

orgId : 36a55730-e66d-4d39-8ca6-3c3b3017965e (string)

shortName : OpenVPN (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://openvpn.net/vpn-server-resources/release-notes/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@openvpn.net (string)

ID : CVE-2022-33737 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : OpenVPN Access Server (string)

version : { »

version_data : [ »

0 : { »

version_value : from version 2.10.0 and before 2.11.0 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-708: Incorrect Ownership Assignment (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://openvpn.net/vpn-server-resources/release-notes/ (string)

refsource : MISC (string)

url : https://openvpn.net/vpn-server-resources/release-notes/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T08:09:22.660Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://openvpn.net/vpn-server-resources/release-notes/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 36a55730-e66d-4d39-8ca6-3c3b3017965e (string)

assignerShortName : OpenVPN (string)

cveId : CVE-2022-33737 (string)

datePublished : 2022-07-06T15:09:08 (string)

dateReserved : 2022-06-15T00:00:00 (string)

dateUpdated : 2024-08-03T08:09:22.660Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E9240D0-8D69-4A89-A3AC-C3CE7040ACDE", "versionEndExcluding": "2.11.0", "versionStartIncluding": "2.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password"}, {"lang": "es", "value": "El instalador de OpenVPN Access Server crea un archivo de registro legible para todo el mundo, que a partir de la versi\u00f3n 2.10.0 y versiones anteriores a 2.11.0, puede contener una contrase\u00f1a de administrador generada aleatoriamente"}], "id": "CVE-2022-33737", "lastModified": "2024-11-21T07:08:26.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-06T16:15:08.453", "references": [{"source": "security@openvpn.net", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://openvpn.net/vpn-server-resources/release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://openvpn.net/vpn-server-resources/release-notes/"}], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-708"}], "source": "security@openvpn.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3E9240D0-8D69-4A89-A3AC-C3CE7040ACDE (string)

versionEndExcluding : 2.11.0 (string)

versionStartIncluding : 2.10.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password (string)

}

1 : { »

lang : es (string)

value : El instalador de OpenVPN Access Server crea un archivo de registro legible para todo el mundo, que a partir de la versión 2.10.0 y versiones anteriores a 2.11.0, puede contener una contraseña de administrador generada aleatoriamente (string)

}

]

id : CVE-2022-33737 (string)

lastModified : 2024-11-21T07:08:26.270 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-07-06T16:15:08.453 (string)

references : [ »

0 : { »

source : security@openvpn.net (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://openvpn.net/vpn-server-resources/release-notes/ (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://openvpn.net/vpn-server-resources/release-notes/ (string)

}

]

sourceIdentifier : security@openvpn.net (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-708 (string)

}

]

source : security@openvpn.net (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-532 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object