Buffer Overflow Vulnerability Affects AWS Client VPN on Windows, macOS, and Linux
CVE-2024-30164

6.7MEDIUM

Key Information:

Vendor: Amazon
Vendor: CVE Published:; 28 May 2024

What is CVE-2024-30164?

Amazon AWS Client VPN is affected by a buffer overflow vulnerability that presents a risk for local threat actors to execute arbitrary commands with elevated permissions. This vulnerability can compromise system integrity and user trust, making it essential for users to update their software to the latest available versions. Affected users should take immediate action to apply the fixes provided in versions 3.11.1 for Windows, 3.9.1 for macOS, and 3.12.1 for Linux to secure their systems against exploitation.

References

https://docs.aws.amazon.com/vpn/latest/clientvpn-user/cli...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2024