OpenVPN Server 2.0.x < 2.0.3 Remote Code Execution Vulnerability
Severity: High
Nessus Plugin ID: 128776

Synopsis: An application on the remote Windows host is affected by a remote code execution vulnerability.

Description: According to its self-reported version number, the version of OpenVPN server installed on the remote Windows host is version 2.0.x prior to 2.0.3. It is, therefore, affected by a remote command execution vulnerability in its DHCP component due to a format string vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with the privileges of the user running the server.

Solution: Upgrade to OpenVPN 2.0.3 or later.