Symlink Vulnerability in OpenVPN Connect for macOS by OpenVPN
CVE-2020-15075

7.1HIGH

Key Information:

Vendor: Openvpn
Status: Openvpn Connect
Vendor: CVE Published:; 30 March 2021

Summary

The OpenVPN Connect installer for macOS versions prior to 3.2.7 is susceptible to a symlink vulnerability that could lead to the unintended corruption of critical system files. This vulnerability arises from improper handling of symlinks in the /tmp directory, potentially granting the installer access to files that should remain protected. Users running affected versions are advised to upgrade to the latest version to mitigate this issue.

Affected Version(s)

OpenVPN Connect 3.2.6 and prior versions

References

https://openvpn.net/vpn-server-resources/openvpn-connect-...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2021
Vulnerability Reserved
Jun 25, 2020