Vulnerability Name:

CVE-2018-7544 (CCN-220627)

Assigned:2018-03-16
Published:2018-03-16
Updated:2018-04-10
Summary:** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element.
Note: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning.
CVSS v3 Severity:9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
8.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
8.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-134
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2018-7544

Source: CCN
Type: OpenVPN Web site
[DRAFT] CVE-2018-7544: * DISPUTED * Remote Information Disclosure and Denial Of Service

Source: XF
Type: UNKNOWN
openvpn-cve20187544-command-exec(220627)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-7544

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:openvpn:openvpn:2.4.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7727
    P
    		openvpn-2.5.6-150400.3.6.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:696
    P
    		Security update for webkit2gtk3 (Important)
    2022-08-16
    oval:org.opensuse.security:def:3407
    P
    		xorg-x11-libs-7.6-45.14 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3133
    P
    		libXRes1-1.0.7-3.53 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3597
    P
    		libgme0-0.6.0-5.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94763
    P
    		openvpn-2.5.5-150400.1.5 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94519
    P
    		clamav-0.103.5-3.35.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95233
    P
    		Security update for ucode-intel (Moderate)
    2022-05-18
    oval:org.opensuse.security:def:6009
    P
    		Security update for the Linux Kernel (Important)
    2022-04-14
    oval:org.opensuse.security:def:113070
    P
    		openvpn-2.5.4-2.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:101946
    P
    		Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Important)
    2021-12-14
    oval:org.opensuse.security:def:101232
    P
    		python3-bottle-0.12.13-3.3.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:111385
    P
    		Security update for openvpn (Moderate)
    2021-05-15
    oval:org.opensuse.security:def:75842
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:34429
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:117413
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:58739
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:37542
    P
    		Security update for openvpn-openssl1 (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:66774
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:76166
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:87380
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:60252
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:73618
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:40702
    P
    		Security update for openvpn-openssl1 (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:67098
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:42827
    P
    		Security update for openvpn-openssl1 (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:107898
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:64496
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:73808
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:32916
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:96941
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:45132
    P
    		Security update for openvpn-openssl1 (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:5685
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:108612
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:org.opensuse.security:def:64686
    P
    		Security update for openvpn (Moderate)
    2021-05-12
    oval:com.ubuntu.artful:def:20187544000
    V
    		CVE-2018-7544 on Ubuntu 17.10 (artful) - low.
    2018-03-16
    oval:com.ubuntu.bionic:def:201875440000000
    V
    		CVE-2018-7544 on Ubuntu 18.04 LTS (bionic) - low.
    2018-03-16
    oval:com.ubuntu.bionic:def:20187544000
    V
    		CVE-2018-7544 on Ubuntu 18.04 LTS (bionic) - low.
    2018-03-16
    oval:com.ubuntu.xenial:def:201875440000000
    V
    		CVE-2018-7544 on Ubuntu 16.04 LTS (xenial) - low.
    2018-03-16
    oval:com.ubuntu.trusty:def:20187544000
    V
    		CVE-2018-7544 on Ubuntu 14.04 LTS (trusty) - low.
    2018-03-16
    oval:com.ubuntu.xenial:def:20187544000
    V
    		CVE-2018-7544 on Ubuntu 16.04 LTS (xenial) - low.
    2018-03-16
    BACK
    openvpn openvpn 2.4.5