www.tenable.com
2606:4700::6812:17c  Public Scan

URL: https://www.tenable.com/plugins/nessus/159204
Submission: On March 29 via api from US — Scanned from DE


Text Content


UBUNTU 18.04 LTS : OPENVPN VULNERABILITY (USN-5347-1)

CRITICAL NESSUS PLUGIN ID 159204


NEW! PLUGIN SEVERITY NOW USING CVSS V3

The calculated severity for Plugins has been updated to use CVSS v3 by default.
Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for
calculating severity. Severity display preferences can be toggled in the
settings dropdown.

SYNOPSIS

The remote Ubuntu host is missing a security update.


DESCRIPTION

The remote Ubuntu 18.04 LTS host has a package installed that is affected by a
vulnerability as referenced in the USN-5347-1 advisory.

- OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in
external authentication plug-ins when more than one of them makes use of
deferred authentication replies, which allows an external user to be granted
access with only partially correct credentials. (CVE-2022-0547)

Note that Nessus has not tested for this issue but has instead relied only on
the application's self-reported version number.


SOLUTION

Update the affected openvpn package.


SEE ALSO

https://ubuntu.com/security/notices/USN-5347-1

PLUGIN DETAILS

Severity: Critical

ID: 159204

File Name: ubuntu_USN-5347-1.nasl

Version: 1.2

Type: local

Agent: unix

Family: Ubuntu Local Security Checks

Published: 3/24/2022

Updated: 3/24/2022






Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS,
Frictionless Assessment Azure

RISK INFORMATION

CVSS Score Source: CVE-2022-0547



VPR

Risk Factor: Medium

Score: 6.3

CVSS V2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS V3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

VULNERABILITY INFORMATION

CPE: cpe:/o:canonical:ubuntu_linux:18.04:-:lts,
p-cpe:/a:canonical:ubuntu_linux:openvpn

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release,
Host/Debian/dpkg-l



Exploit Ease: No known exploits are available



Patch Publication Date: 3/24/2022

Vulnerability Publication Date: 3/16/2022



REFERENCE INFORMATION

CVE: CVE-2022-0547

USN: 5347-1

 * © 2022 Tenable®, Inc. All Rights Reserved