Details of VAR-200605-0584

ID

VAR-200605-0584

CVE

CVE-2006-2229

TITLE

OpenVPN management interface TCP session information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2006-2916

DESCRIPTION

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. OpenVPN is prone to a denial-of-service vulnerability

Trust: 1.71

sources: NVD: CVE-2006-2229 // CNVD: CNVD-2006-2916 // BID: 87623

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-2916

AFFECTED PRODUCTS

vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0	Trust: 1.9
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta5	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta18	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta3	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta4	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta6	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta20	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta28	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta7	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta2	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta19	Trust: 1.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test10	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc2	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test6	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.3_rc1	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc5	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.1_rc7	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.1_rc4	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test19	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.1_rc3	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta10	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test16	Trust: 1.0
vendor:	openvpn	model:	access server	scope:	eq	version:	2.0.5	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test17	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test18	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test1	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test15	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test25	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.1_rc1	Trust: 1.0
vendor:	openvpn	model:	access server	scope:	eq	version:	2.0.7	Trust: 1.0
vendor:	openvpn	model:	access server	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.1_rc2	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta8	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta1	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc21	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc4	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test9	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test11	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test24	Trust: 1.0
vendor:	openvpn	model:	access server	scope:	eq	version:	2.0.6	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test20	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta17	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test21	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test3	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc17	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc1	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.1_rc6	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test27	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc16	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta16	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc12	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc7	Trust: 1.0
vendor:	openvpn	model:	access server	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta13	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc13	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc3	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc14	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc8	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test5	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test22	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test29	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.1_rc5	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta9	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test7	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.2_rc1	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.6_rc1	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test23	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta12	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test2	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc15	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test14	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc20	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test12	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc11	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc19	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc18	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc10	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta15	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc6	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test4	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test8	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_test26	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_beta11	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0_rc9	Trust: 1.0
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.1	Trust: 0.9
vendor:	openvpn	model:	2.0.1 rc1	scope:	-	version:	-	Trust: 0.6
vendor:	openvpn	model:	2.0.1 rc2	scope:	-	version:	-	Trust: 0.6
vendor:	openvpn	model:	2.0.1 rc3	scope:	-	version:	-	Trust: 0.6
vendor:	openvpn	model:	2.0.1 rc4	scope:	-	version:	-	Trust: 0.6
vendor:	openvpn	model:	2.0.1 rc5	scope:	-	version:	-	Trust: 0.6
vendor:	openvpn	model:	openvpn	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.7	Trust: 0.3
vendor:	openvpn	model:	rc5	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	openvpn	model:	rc4	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	openvpn	model:	rc3	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	openvpn	model:	rc2	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	openvpn	model:	rc1	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	openvpn	model:	rc1	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	openvpn	model:	rc1	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	openvpn	model:	rc1	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	openvpn	model:	openvpn	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	openvpn	model:	rc7	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	openvpn	model:	rc6	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	openvpn	model:	test9	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test8	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test7	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test6	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test5	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test4	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test3	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test29	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test27	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test26	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test25	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test24	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test23	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test22	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test21	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test20	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test19	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test18	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test17	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test16	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test15	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test14	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test12	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test11	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test10	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	test1	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc9	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc8	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc7	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc6	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc5	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc4	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc3	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc21	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc20	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc19	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc18	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc17	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc16	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc15	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc14	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc13	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc12	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc11	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc10	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	rc1	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta9	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta8	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta7	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta6	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta5	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta4	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta3	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta28	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta20	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta19	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta18	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta17	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta16	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta15	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta13	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta12	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta11	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta10	scope:	eq	version:	2.0	Trust: 0.3
vendor:	openvpn	model:	beta1	scope:	eq	version:	2.0	Trust: 0.3

sources: CNVD: CNVD-2006-2916 // BID: 87623 // CNNVD: CNNVD-200605-102 // NVD: CVE-2006-2229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2229
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2006-2916
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-200605-102
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2006-2229
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2006-2916
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2006-2916 // CNNVD: CNNVD-200605-102 // NVD: CVE-2006-2229

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2229

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-102

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200605-102

EXTERNAL IDS

db:	NVD	id:	CVE-2006-2229	Trust: 2.5
db:	OSVDB	id:	25660	Trust: 1.6
db:	CNVD	id:	CNVD-2006-2916	Trust: 0.6
db:	CNNVD	id:	CNNVD-200605-102	Trust: 0.6
db:	BID	id:	87623	Trust: 0.3

sources: CNVD: CNVD-2006-2916 // BID: 87623 // CNNVD: CNNVD-200605-102 // NVD: CVE-2006-2229

REFERENCES

url:	http://openvpn.net/man.html	Trust: 1.9
url:	http://www.securityfocus.com/archive/1/432863/100/0/threaded	Trust: 1.6
url:	http://www.osvdb.org/25660	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/432867/100/0/threaded	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/433000/100/0/threaded	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/archive/1/432863/100/0/threaded	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/archive/1/433000/100/0/threaded	Trust: 0.3
url:	http://www.securityfocus.com/archive/1/archive/1/432867/100/0/threaded	Trust: 0.3

sources: CNVD: CNVD-2006-2916 // BID: 87623 // CNNVD: CNNVD-200605-102 // NVD: CVE-2006-2229

CREDITS

Unknown

Trust: 0.3

sources: BID: 87623

SOURCES

db:	CNVD	id:	CNVD-2006-2916
db:	BID	id:	87623
db:	CNNVD	id:	CNNVD-200605-102
db:	NVD	id:	CVE-2006-2229

LAST UPDATE DATE

2024-08-14T14:35:32.939000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-2916	date:	2006-05-05T00:00:00
db:	BID	id:	87623	date:	2006-05-05T00:00:00
db:	CNNVD	id:	CNNVD-200605-102	date:	2020-05-13T00:00:00
db:	NVD	id:	CVE-2006-2229	date:	2020-05-12T14:21:29.940

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-2916	date:	2006-05-05T00:00:00
db:	BID	id:	87623	date:	2006-05-05T00:00:00
db:	CNNVD	id:	CNNVD-200605-102	date:	2006-05-05T00:00:00
db:	NVD	id:	CVE-2006-2229	date:	2006-05-05T19:02:00