Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests.

Remediation

References

CVE-2014-9104

Related Vulnerabilities

WordPress Plugin Chained Quiz SQL Injection (1.0.8)

Mailman Other Vulnerability (CVE-2003-0038)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4407)

WordPress Plugin WP Simple Spreadsheet Fetcher for Google Cross-Site Request Forgery (0.3.6)

Jenkins Origin Validation Error Vulnerability (CVE-2024-23898)

Severity

Medium

Classification

CVE-2014-9104 CWE-352

Tags

Missing Update Known Vulnerabilities