漏洞描述
OpenVPN Connect是美国OpenVPN公司的一款VPN(虚拟私人网络)客户端应用程序。 OpenVPN Connect 3.4.0.4506 (macOS) 之前版本、 OpenVPN Connect 3.4.0.3100 (Windows) 之前版本存在安全漏洞,该漏洞源于允许中间人攻击者拦截包含用户凭据的配置文件下载请求。
OpenVPN Connect 信任管理问题漏洞
PoC代码
暂无相关漏洞推荐
- (CVE-2025-62712) JumpServer ConnectionToken 权限验证不当漏洞
- CVE-2019-11510: Pulse Connect Secure SSL VPN Arbitrary File Read
- Ivanti Pulse Connect Secure VPN /dana-na/auth/saml-sso.cgi XML 外部实体注入漏洞(CVE-2024-22024)
- WordPress InstaWP Connect 插件 / rest_route 文件上传漏洞(CVE-2024-2667)
- Oracle PeopleSoft /PSIGW/PeopleSoftServiceListeningConnector XML 外部实体注入漏洞(CVE-2017-3548)
- POC CVE-2025-22457: Ivanti Connect Secure - Stack-based Buffer Overflow
- POC CVE-2017-17043: WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting
- POC CVE-2017-5868: OpenVPN Access Server 2.1.4 - CRLF Injection
- POC CVE-2018-11759: Apache Tomcat JK Connect <=1.2.44 - Manager Access
- POC CVE-2019-11510: Pulse Connect Secure SSL VPN Arbitrary File Read
- POC CVE-2020-15505: MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution
- POC CVE-2021-20123: Draytek VigorConnect 1.6.0-B - Local File Inclusion
- POC CVE-2021-20124: Draytek VigorConnect 6.0-B3 - Local File Inclusion