PT-2024-15241 · Openvpn+1 · Openvpn+1

Published: 2024-02-21 · Updated: 2025-05-06 · CVE-2023-7235

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenVPN versions prior to 2.6.9

Description

The OpenVPN GUI installer did not set proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path. This allows an attacker to replace binaries and run arbitrary executables. The issue affects Windows GUI installations of OpenVPN.

Recommendations

For versions prior to 2.6.9, update to version 2.6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation directory of OpenVPN binaries to minimize the risk of exploitation.
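
One way to verify the workaround above, as an added example that is not part of the original advisory or of OpenVPN's own tooling: a PowerShell function that lists allow-ACEs granting write-type rights to principals outside a trusted set. The function name, the trusted-SID list and the sample path in the comment are assumptions.

```powershell
# Added example (not from the advisory): report ACEs on an install directory
# that let principals outside a trusted set modify or replace files.
function Get-WritableAce {
    [CmdletBinding()]
    param(
        # Assumption: the caller passes the non-standard install path.
        [Parameter(Mandatory)][string]$Path
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Assumption: only these principals should hold write access.
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-3-0',       # CREATOR OWNER (applies only to whoever can already create items)
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # Bits that permit planting or replacing a file or changing its ACL.
    # Read/execute bits are left out so ReadAndExecute does not match.
    $writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Inherit-only ACEs can carry raw GENERIC_ALL / GENERIC_WRITE instead.
    $writeBits = $writeBits -bor 0x10000000 -bor 0x40000000

    # Check the directory itself and everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit and inherited rules, identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Owner     = $acl.GetOwner($sidType).Value
            }
        }
    }
}

# Usage (placeholder path, constructed for illustration):
#   Get-WritableAce -Path 'D:\Tools\OpenVPN' | Format-Table -AutoSize
```

An empty result means no principal outside the trusted set holds write-type access; any row returned names a file or directory whose ACL should be tightened, and an `Owner` SID outside the trusted set deserves the same attention because an owner can rewrite the ACL.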

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

ALT-PU-2024-10859
ALT-PU-2024-10885
ALT-PU-2024-4639
CVE-2023-7235

Affected Products

Alt Linux
Openvpn