vulnerability

OpenVPN service pipe to be accessed remotely (CVE-2024-24974)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Jul 8, 2024	Dec 12, 2024	Dec 12, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Jul 8, 2024

Added

Dec 12, 2024

Modified

Dec 12, 2024

Description

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.

Solution

openvpn-openvpn-upgrade-latest

References

CVE-2024-24974
https://attackerkb.com/topics/CVE-2024-24974
URL-https://community.openvpn.net/openvpn/wiki/CVE-2024-24974
URL-https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
URL-https://www.mail-archive.com/[email protected]/msg07534.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today