APP: OpenVPN P_CONTROL Denial Of Service

This signature detects attempts to exploit a known vulnerability in OpenVPN. A remote, unauthenticated attacker can exploit this vulnerability to cause the OpenVPN server program to terminate, resulting in a denial-of-service condition.

Extended Description

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Affected Products

Openvpn openvpn

References

CVE: CVE-2017-7478

Short Name
APP:MISC:OPENVPN-DOS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2017-7478 Denial Of OpenVPN P_CONTROL Service
Release Date
06/08/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
Port
UDP/1194
False Positive
Unknown
Vendors

Openvpn

CVSS Score

5.0

Found a potential security threat?