Arbitrary Plug-in Loading Vulnerability in OpenVPN for Windows
CVE-2024-27903
Key Information:
Badges
Summary
The OpenVPN software on Windows prior to version 2.6.9 has a significant security flaw that allows malicious actors to load arbitrary plug-ins from any directory. This vulnerability exploits improper validation during the loading process of OpenVPN plug-ins, enabling attackers to inject potentially harmful code into the privileged OpenVPN interactive service. The vulnerability poses a threat to users' systems and can lead to unauthorized actions performed under the open interactive service's context. Users are urged to update their OpenVPN installations promptly to mitigate the risks associated with this vulnerability.
Affected Version(s)
OpenVPN 2 Windows 2.6.9 and earlier
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
The Hacker NewsCVE-2024-27903Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
6 months ago
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog
Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system comp...
6 months ago
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by Microsoft
Vulnerability published
Vulnerability Reserved