Vulnerability Name: CVE-2013-2692 (CCN-84101)
Assigned: 2013-05-08
Published: 2013-05-08
Updated: 2014-05-14
Summary: Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-352
Vulnerability Consequences: Cross-Site Scripting
References:
  Source: MITRE; Type: CNA; CVE-2013-2692
  Source: CONFIRM; Type: Vendor Advisory; http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html
  Source: CCN; Type: OpenVPN Web site; Release Notes 1.8.5
  Source: OSVDB; Type: UNKNOWN; 93111
  Source: CCN; Type: SA52802; OpenVPN Access Server Cross-Site Request Forgery Vulnerability
  Source: SECUNIA; Type: Vendor Advisory; 52802
  Source: CCN; Type: BID-59736; OpenVPN Access Server CVE-2013-2692 Cross Site Request Forgery Vulnerability
  Source: XF; Type: UNKNOWN; openvpn-cve20132692-admin-csrf(84101)
Vulnerable Configuration:
  Configuration 1:
  Configuration CCN 1:
  Denotes that component is vulnerable