OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
History

Fri, 01 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: OpenVPN

Published: 2024-07-08T21:30:24.798Z

Updated: 2024-11-01T20:38:32.966Z

Reserved: 2024-03-12T18:26:01.733Z

Link: CVE-2024-28882

cve-icon Vulnrichment

Updated: 2024-08-02T01:03:50.213Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-08T22:15:02.410

Modified: 2024-11-21T09:07:06.380

Link: CVE-2024-28882

cve-icon Redhat

No data.