CVE-2017-5868

moderate-risk
Published 2017-05-26

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.

Do I need to act?

~
8.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Openvpn Access Server

Affected Vendors

Openvpn

References (6)

Exploit http://www.openwall.com/lists/oss-security/2017/05/23/13
Third Party Advisory http://www.securitytracker.com/id/1038547
Exploit https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crl...
Exploit http://www.openwall.com/lists/oss-security/2017/05/23/13
Third Party Advisory http://www.securitytracker.com/id/1038547
Exploit https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crl...
38
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 10/34 · Low
Exposure 5/34 · Minimal