CVE-2021-4234
First published: Wed Jul 06 2022(Updated: )
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.
Credit: security@openvpn.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openvpn Openvpn Access Server | <2.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this OpenVPN Access Server vulnerability?
The vulnerability ID for this OpenVPN Access Server vulnerability is CVE-2021-4234.
What is the severity of CVE-2021-4234?
The severity of CVE-2021-4234 is high with a CVSS score of 7.5.
Which versions of OpenVPN Access Server are affected by CVE-2021-4234?
OpenVPN Access Server 2.10 and prior versions are affected by CVE-2021-4234.
How does CVE-2021-4234 vulnerability work?
CVE-2021-4234 allows an attacker to resend multiple packets in response to a reset packet from the client, resulting in a limited amplification attack.
How can I fix CVE-2021-4234?
To fix CVE-2021-4234, you should update OpenVPN Access Server to version 2.11.0 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/openvpn
- canonical/openvpn openvpn access server