Local User Execution of Arbitrary Code via ELECTRON_RUN_AS_NODE Environment Variable
CVE-2023-7245

Currently unrated

Key Information:

Vendor

Openvpn
Status
Openvpn Connect
Vendor
CVE Published:
20 February 2024

What is CVE-2023-7245?

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OpenVPN Connect Windows 3.0 (Windows) <= 3.4.3

OpenVPN Connect Windows 3.0 (macOS) <= 3.4.7

References

https://openvpn.net/vpn-server-resources/openvpn-connect-...
release-notes
https://openvpn.net/vpn-server-resources/openvpn-connect-...
release-notes

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.