OpenVPN CVE-2022-0547
-
Is the version of openvpn (2.5.4) installed on pfsense+ 22.01-RELEASE vulnerable to CVE-2022-0547? If so is there a way to update it?
Thank you.
-
The binary is technically vulnerable but pfSense software does not configure OpenVPN in a vulnerable way, so it's not relevant.
Everything I'm reading about that CVE requires multiple authentication plugins on a single instance to use deferred authentication to trigger the problem and pfSense software only configures a single plugin for that role.
-
@jimp Thanks!