CVE-2024-28882 - OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenti

CVE-2024-28882

Summary

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

References

https://community.openvpn.net/openvpn/wiki/CVE-2024-28882
https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

01-11-2024 - 21:35

Published

08-07-2024 - 22:15

Last modified

01-11-2024 - 21:35