Stack Overflow Vulnerability in OpenVPN Allows Arbitrary Code Execution
CVE-2024-27459

7.8HIGH

Key Information:

Vendor

Openvpn
Status
Openvpn Gui
Vendor
CVE Published:
8 July 2024

Badges

đź“° News Worthy

What is CVE-2024-27459?

The interactive service component of OpenVPN versions 2.6.9 and earlier is susceptible to a stack overflow vulnerability. This flaw enables attackers to send specially crafted data to the service, resulting in a stack overflow condition. Exploiting this vulnerability may allow the execution of arbitrary code, leading to elevated privileges on the affected system. Users of OpenVPN are encouraged to review their usage of the software and apply necessary security measures to mitigate potential risks.

Affected Version(s)

OpenVPN GUI Windows 2.6.9 and earlier

News Articles

favicon imageMicrosoft

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog

Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system comp...

References

https://community.openvpn.net/openvpn/wiki/CVE-2024-27459
https://openvpn.net/security-advisory/ovpnx-vulnerability...
https://www.mail-archive.com/[email protected]...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by Microsoft

  • Vulnerability published

  • Vulnerability Reserved

.