Remote Interactive Service Vulnerability in OpenVPN
CVE-2024-24974

7.5HIGH

Key Information:

Vendor: Openvpn
Status: Openvpn 2
Vendor: CVE Published:; 8 July 2024

Summary

A vulnerability exists in OpenVPN prior to version 2.6.9 that permits remote attackers to access the OpenVPN service pipe. This flaw enables potential unauthorized interaction with the OpenVPN interactive service, which operates with elevated privileges. Attackers who exploit this vulnerability could perform actions that compromise the integrity and confidentiality of the system running OpenVPN.

Affected Version(s)

OpenVPN 2 Windows 2.6.9 and earlier

References

https://community.openvpn.net/openvpn/wiki/CVE-2024-24974

https://openvpn.net/security-advisory/ovpnx-vulnerability...

https://www.mail-archive.com/[email protected]...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 8, 2024
Vulnerability Reserved
Mar 12, 2024