Base Score

HIGH7.5

CVE-2021-31606

furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients.

VectorNETWORK

Published Bycve@mitre.org

Published DateSep 27, 2021, 06:15

Affected Versions(1)

openvpn-monitor(PyPI)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
openvpn-monitor(PyPI)	0	N/A	N/A

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://packetstormsecurity.com/files/164274/OpenVPN-Monitor-1.1.3-Authorization-Bypass-Denial-Of-Service.html
https://github.com/furlongm/openvpn-monitor/commit/ddb9d31ef0ec56f578bdacf99ebe9d68455ed8ca
https://github.com/furlongm/openvpn-monitor/releases

Base Score

HIGH7.5

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH