Critical Security Vulnerabilities in OpenVPN Access Server

OpenVPN Access Server, which is supported by the OpenVPN 2 codebase, has two critical security vulnerabilities identified. Some older versions of the OpenVPN Access Server (2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, and 2.12.1) contain a copy of an outdated OpenVPN version with two security vulnerabilities.

CVE-2023-46850 is a vulnerability resulting from OpenVPN incorrectly utilizing a memory buffer after it has been freed. Under specific circumstances, the freed memory can still be transmitted to a client that is still in use, potentially exposing sensitive data. This security vulnerability primarily affects the TLS (Transport Layer Security) configuration. In other words, it could jeopardize secure data transmission over TLS configuration.

CVE-2023-46849 allows clients to conduct a Denial of Service (DoS) attack. This security vulnerability results from the server incorrectly reloading the “–fragment” configuration under certain conditions. A remote client could induce a division-by-zero error, leading to a DoS attack.

To mitigate the risk of becoming a target for attacks exploiting these vulnerabilities, it is strongly recommended to use the latest version, 2.12.2, which includes OpenVPN 2.6.7.

Critical Security Vulnerabilities in OpenVPN Access Server

Share This:

Ready to Take The Next Step?

About the Program

Become A Partner

Partner Portal Login

Blog

Datasheets

e-Books

Events

Glossary

Threat Intelligence Researches

Reports

Security News

Infographics

Whitepapers

Webinars

Platform Overview

Brand Protection

External Attack Surface Management

Cyber Threat Intelligence

Fraud Protection

Supply Chain Security

About Us

Careers

News

Awards

Logos & Press Kit

Preventing Data Leakage

Phishing Monitoring

Account Takeover Detection

Stolen Credit Cards

Dark Web Monitoring

Remediation and Takedown

Customer Stories

Technology Integrations