Vulnerability Details : CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
Products affected by CVE-2008-3459
- cpe:2.3:a:openvpn:openvpn:2.1:rc_4:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:rc_5:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:beta-16:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:rc_1:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:rc_8:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:beta-14:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:beta-15:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:rc_6:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:rc_7:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:rc_2:*:*:*:*:*:*
- cpe:2.3:a:openvpn:openvpn:2.1:rc_3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3459
0.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3459
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST |
CWE ids for CVE-2008-3459
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3459
-
http://openvpn.net/index.php/documentation/change-log/changelog-21.html
Page Not Found | OpenVPN
-
http://www.securitytracker.com/id?1020626
Access Denied
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44209
OpenVPN client lladdr and iproute configuration directive code execution CVE-2008-3459 Vulnerability Report
-
http://www.securityfocus.com/bid/30532
-
http://www.vupen.com/english/advisories/2008/2316
Site en constructionVendor Advisory
Jump to