Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and execute arbitrary commands via crafted API requests.

Remediation

References

CVE-2014-9104

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20401)

PHP hangs on parsing particular strings as floating point number

WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Scripting (3.4.7)

MySQL CVE-2020-2765 Vulnerability (CVE-2020-2765)

Magento Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2019-8113)

Severity

Medium

Classification

CVE-2014-9104 CWE-352

Tags

Missing Update Known Vulnerabilities