CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
OpenVPNCNA
---
---
CISA-ADPADP
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
openvpneasy-rsa
3.0.5 ≤
𝑥
≤ 3.1.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
easy-rsa
bullseye
3.0.8-1
not-affected
bookworm
no-dsa
trixie
3.2.2-1
fixed
forky
3.2.3-1
fixed
sid
3.2.3-1
fixed
Common Weakness Enumeration
References
https://community.openvpn.net/openvpn/wiki/CVE-2024-13454