CVE-2006-2229 Affecting openvpn package, versions *


Severity

Recommended
low

Based on Debian security rating.

Threat Intelligence

Exploit Maturity
Not Defined
EPSS
1.6% (88th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN10-OPENVPN-345151
  • published5 May 2006
  • disclosed5 May 2006

Introduced: 5 May 2006

CVE-2006-2229  (opens in a new tab)

How to fix?

There is no fixed version for Debian:10 openvpn.

NVD Description

Note: Versions mentioned in the description apply only to the upstream openvpn package and not the openvpn package as distributed by Debian. See How to fix? for Debian:10 relevant fixed versions and status.

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.

CVSS Scores

version 3.1