How severe is CVE-2018-7544?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2018-7544?

This is classified as CWE-134, which is a common weakness in software security.

CVE-2018-7544 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning

Related Vulnerabilities

CVE-2017-0898

CRITICAL

CVSS:9.1(Critical)

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting i...

CWE-1342017

CVE-2018-6317

CRITICAL

CVSS:9.1(Critical)

The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of s...

CWE-1342018

CVE-2024-35845

CRITICAL

CVSS:9.1(Critical)

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is te...

CWE-1342024

CVE-2024-42330

CRITICAL

CVSS:9.1(Critical)

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the ...

CWE-1342024

CVE-2014-8170

HIGH

CVSS:8.8(High)

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, w...

CWE-1342014

CVE-2016-10773

HIGH

CVSS:8.8(High)

cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).

CWE-1342016