vulnerability

OpenVPN plug-ins can be loaded from any directory (CVE-2024-27903)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jul 8, 2024	Dec 12, 2024	Dec 12, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jul 8, 2024

Added

Dec 12, 2024

Modified

Dec 12, 2024

Description

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

Solution

openvpn-openvpn-upgrade-latest

References

CVE-2024-27903
https://attackerkb.com/topics/CVE-2024-27903
URL-https://community.openvpn.net/openvpn/wiki/CVE-2024-27903
URL-https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
URL-https://www.mail-archive.com/[email protected]/msg07534.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today